We are setting up SSL on our site. We are load balanced behind an F5 and the SSL certs are installed on the LB. When we try to deploy, IIS looks for the cert on the local machine. Thus we get the error below. Is there any way to create a deployment step that indicates the cert is on the LB?
Could not find certificate under Cert:\LocalMachine with thumbprint ********. Make sure that the certificate is installed to the Local Machine context and that the private key is available.
The reason Octopus is trying to configure the certificate is because the IIS binding configuration is specifying HTTPS. In situations where the SSL connection is terminated at an F5, generally the traffic between the load-balancer and the web-server is over HTTP.
In other words, I believe you should configure your IIS bindings in Octopus to use HTTP, not HTTPS. Does this seem an appropriate solution to you?
This doesn’t solve my problem. I need https and I can get that working manually by generating self-signed certs and get the site bound to them. Site would then get the correct cert going through the load balancer. However, since we’re using Octopus to do the site deploys it’ll get rid of any bindings not specified. Trying to bind the 443 to the cert we have on the machine wasn’t working as Octopus appears to only be looking in the “Cert:\LocalMachine” rather than the “Cert:\LocalMachine\My”. How do we fix this binding issue so that every time we deploy we don’t have to go back in manually and fix the bindings?
Octopus will look recursively under Cert:\LocalMachine for the certificate, so it will find it in Cert:\LocalMachine\My. The two requirements are:
- The certificate thumbprint must match
- The certificate must have the private-key
Does your certificate have the private-key?
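
The two requirements listed above can be checked on the web server before a deployment. The following PowerShell is an added example, not part of the original thread and not Octopus's own code; the function name `Test-BindingCertificate` is hypothetical and the thumbprint is a placeholder to replace with the value from the binding configuration.

```powershell
# Added example: checks that a certificate with the given thumbprint exists
# somewhere under Cert:\LocalMachine and reports whether it has a private key.
# Test-BindingCertificate is a hypothetical helper name.
function Test-BindingCertificate {
    param(
        [Parameter(Mandatory)][string]$Thumbprint
    )

    # Thumbprints copied from the certificate dialog often carry spaces or
    # invisible characters; keep only hex digits before comparing.
    $clean = ($Thumbprint -replace '[^0-9a-fA-F]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) {
        Write-Warning "Thumbprint has $($clean.Length) hex digits after cleanup; a SHA-1 thumbprint has 40."
    }

    # Requirement 1: the thumbprint must match a certificate in some LocalMachine store.
    $found = Get-ChildItem -Path Cert:\LocalMachine -Recurse |
        Where-Object { -not $_.PSIsContainer -and $_.Thumbprint -eq $clean }

    if (-not $found) {
        Write-Warning "No certificate with thumbprint $clean under Cert:\LocalMachine."
        return
    }

    # Requirement 2: the certificate must have the private key.
    # The same certificate can appear in several stores, so list every match.
    $found | ForEach-Object {
        [pscustomobject]@{
            Store         = ($_.PSParentPath -split '\\')[-1]
            Subject       = $_.Subject
            NotAfter      = $_.NotAfter
            HasPrivateKey = $_.HasPrivateKey
        }
    }
}

# Placeholder value: replace with the thumbprint used in the HTTPS binding.
Test-BindingCertificate -Thumbprint '<THUMBPRINT-FROM-BINDING>'
```

A row with `HasPrivateKey` set to `False` means the certificate was imported without its key, which fails the second requirement even though the thumbprint matches.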