How to make CruiseControl.NET accept SSL certificate under Windows Server 2008?
If you are running CruiseControl.NET under the Local System account and your SVN server certificate was issued by yourself (or by VisualSVN Server) you will quickly run into trouble. Normally if you run any command on your repository you will get this information:
C:\Program Files\svn\bin>svn log https://your_server/svn/your_repository/trunk –username username –password password
Error validating server certificate for ‘https://your_server:443′:
– The certificate is not issued by a trusted authority. Use the
fingerprint to validate the certificate manually!
– The certificate hostname does not match.
Certificate information:
– Hostname: your_server
– Valid: from Sat, 26 Sep 2009 17:24:27 GMT until Tue, 24 Sep 2019 17:24:27 GMT
– Issuer: your_server
– Fingerprint: 24:8e:f6:ba:c7:a6:3f:69:32:c0:21:92:64:44:62:fe:2c:bb:b4:69
(R)eject, accept (t)emporarily or accept (p)ermanently?
If you accept you will not be bothered again. But CCNet works as a Windows Service. There is no one to make the decision. How to deal with this issue. Well earlier it was easy enough. You had to use one of the security holes and start cmd.exe in interactive mode wit at command (look here for more details). But with Windows Server 2008 it is not possible you will simply get this:
C:\Users\Administrator>time
The current time is: 23:31:11.59
Enter the new time:
C:\Users\Administrator>at 22:32 /interactive cmd.exe
Warning: Due to security enhancements, this task will run at the time
expected but not interactively.
Use schtasks.exe utility if interactive task is required (‘schtasks /?’
for details).
Added a new job with job ID = 1
How to deal with this. There is very easy solution. Set the CruiseContril.NET service “Allow to interact with desktop” flag (Start –> Control Panel –> Administrative Tools –> Services –CruiseControl.NET) like this
Restart the service and wait a while for this windows to appear:
Select show me the message.
Voila! You have command line as Local System user available. You can now issue the
C:\Program Files\svn\bin>svn log https://your_server/svn/your_repository/trunk –username username –password password
command and accept the SSL certificate permanently.
From this time on you CCNet server will not have any problems with accessing your secured repository.
2 Comments
Gary Woodfine
Thank you for the link to my blog in your article, A really good article it is too. I have had to relocate my blog due to server crash and the choice to move to a new blogging platform so the address to the article has changed somewhat. The new address is http://blog.threenine.co.uk/post/2009/01/19/CruiseControl-Accept-SSL-Certificate-Local-System-Account.aspx
I will be updaitng the article within the next few weeks, as I am little unhappy with how the content is presented. Once again thank you for the link it is really appreciated.
Gale Yetsko
Top notch blog post. Want more.