Where can I find the SSL Thumbprint for an HTTPS binding? We have a hex value for the field “Thumbprint” in the certificate’s details page, but when I put that in to Octopus Deploy and deployed, I got the message:
Could not find certificate under Cert:\LocalMachine with thumbprint HEX THUMBPRINT. Make sure that the certificat
15:55:51Error
e is installed to the Local Machine context and that the private key is availab
15:55:51Error
le.
15:55:51Error
At C:\Octopus\Applications.Tentacle\Octopus.Tentacle\2.1.3.1223\Scripts\Octopu
15:55:51Error
s.Features.IISWebSite_BeforePostDeploy.ps1:48 char:14
15:55:51Error
throw <<<< "Could not find certificate under Cert:\LocalMachine with
15:55:51Error
thumbprint $sslCertificateThumbprint. Make sure that the certificate is instal
15:55:51Error
led to the Local Machine context and that the private key is available."
15:55:51Error
+ CategoryInfo : OperationStopped: (Could not find …y is availa
15:55:51Error
ble.:String) [], RuntimeException
15:55:51Error
+ FullyQualifiedErrorId : Could not find certificate under Cert:\LocalMach
15:55:51Error
ine with thumbprint HEX THUMBPRINT
15:55:51Error
19 96. Make sure that the certificate is installed to the Local Machine co
15:55:51Error
ntext and that the private key is available.
I also tried putting in the value for the SSL Certificate and got the same message. Which exact field in IIS goes in the IIS Thumbprint field under process in Octopus Deploy?
Yes, this is the thumbprint that you need to use. Which version of Octopus are you using? The certificates dialog in Windows is notorious for putting extra whitespace around the thumbprint, including a hidden whitespace character at the front of the thumprint. So if the thumbprint looks like:
<hidden whitspace>AB 27 CC 14 78...
You need to delete the hidden whitespace (copy and paste it to notepad, put your caret before the first character, hit backspace a few times), and all the spaces in between so that you are left with:
AB27CC1478...
Also, the certificate that you are looking at needs to be in the Local Machine certificate store rather than a user-specific store (so that IIS can find it).
Thank you so much for getting back with me so quickly. I did have whitespace in my thumbprint. I deleted the whitespace and it was able to locate the certificate.
It’s something we try to trim out and manage without needing extra documentation. If you pasted the thumbprint into the UI and still had the issue we may have not be trimming the whitespace in all instances (which is annoying!).
I’ll investigate and if I can repro I’ll log a bug to fix.
It looks like he’s using a variable $sslCertificateThumbprint rather than pasting the thumbprint directly in, where it would have been trimmed. Could that be why?
I’ve made sure that my certificate’s thumbprint has no spaces (in between or at the beginning). I also checked that my certificate is configured under Local Computer (and not User-specific account) but still no luck.
I’m using Octopus 3.0.15.2418 and get the following same error message from above user-
Finding SSL certificate with thumbprint 00cd1d9c583f9
20:41:26Error
Could not find certificate under Cert:\LocalMachine with thumbprint
20:41:26Error
00cd1d9c583f9cc69c6b55f8990e8738fd. Make sure that the certificate is
20:41:26Error
installed to the Local Machine context and that the private key is available.
20:41:26Error
At C:\Octopus\Applications\LIVE\MYAPP-PATH\1.4.2.66_4\Octopus.Featu
20:41:26Error
res.IISWebSite_BeforePostDeploy.ps1:125 char:9
20:41:26Error
throw "Could not find certificate under Cert:\LocalMachine with
20:41:26Error
thumbpri …
What else could be wrong? Am I missing something? Thanks
I’ve tried both. I was using variables initially, then I switched to setting the value straight in the dialog.
Would there be a way to skip IIS binding setup at all? My app creates a subdomain for each client and I don’t fancy updating this deployment step every time I have to setup a new client.
