1Answer
  • 5
name

A PHP Error was encountered

Severity: Notice

Message: Undefined index: userid

Filename: views/question.php

Line Number: 191

Backtrace:

File: /home/prodcxja/public_html/questions/application/views/question.php
Line: 191
Function: _error_handler

File: /home/prodcxja/public_html/questions/application/controllers/Questions.php
Line: 433
Function: view

File: /home/prodcxja/public_html/questions/index.php
Line: 315
Function: require_once

name Punditsdkoslkdosdkoskdo

Thoughtworks Go server and SSL

How do you change which SSL cert Go server uses? We've got a mismatch between the domain in the cert and domain we actually use to access the server. So we always get cert issues even after adding the cert to the local store.

There is a suggested work around for this problem described here: http://sachinsudheendra.github.io/2014/03/08/using-go-cd-with-custom-certificates.html

Haven't tried it yet but will be doing so soon so will post results here when I have tried it.

Edit: I tried this today and can confirm it works fine.

Tested using OpenSSL 64-bit http://slproweb.com/download/Win64OpenSSL-1_0_0l.exe

Steps to reproduce (on Windows Server 2012 R2 using GO version 13.4):

(Assumes you have already created a DNS entry for the name you wish to use e.g. mycdserver.mycompany.com)

(These steps can be performed on any machine with OpenSSL installed)

  1. Obtain a valid X509 SSL certificate either using an internal certificate authority or from a public certificate authority with a CN matching the DNS entry e.g. mycdserver.mycompany.com
  2. Import the certificate into the Windows certificate store
  3. Using the certificates MMC snap-in, export the certificate as a .pfx file specifying a password of serverKeystorepa55w0rd
  4. Export the key file from the .pfx source file using the following command:

    openssl pkcs12 -in mycertificatepath.pfx -nocerts -out mycertificatepath.key

  5. Export the crt file from the .pfx source file using the following command:

    openssl.exe pkcs12 -in mycertificatepath.pfx -clcerts -nokeys -out mycertificatepath.crt

  6. Convert the key file and crt file into a pkcs12 file using the following command:

    openssl pkcs12 -inkey mycertificatepath.key -in mycertificatepath.crt -export -out mycertificatepath.pkcs12

(These steps should be performed on the server)

  1. On the server, open a command prompt as Administrator
  2. Navigate to the directory where the Java Runtime Environment binaries are installed. The default path is C:\Program Files (x86)\Go Server\jre\bin
  3. Import the PKCS12 file produced in the earlier steps into a keystore file using the KeyTool executable in the bin directory using the following command:

    keytool -importkeystore -srckeystore mycertificatepath.pkcs12 -srcstoretype PKCS12 -destkeystore keystore -srcalias 1 -destalias cruise

  4. Stop the Go Server service using the following command:

    net stop "Go Server"

  5. Start the Go Server service using the following command:

    net start "Go Server"

  6. Verify that the service has started correctly and try to navigate to the url corresponding to your certificate over https e.g. mycdserver.mycompany.com

  7. You may need to close your browser first however once reopened you should see your GO server over HTTPS with valid certificate (assuming your client is setup to trust the certificate authority that issued the certificate!)

If there are any problems then the GO Server service will stop and details will be logged in the file "C:\Program Files (x86)\Go Server\go-server-wrapper.log"

Hope that helps.

  • 1
Reply Report

Trending Tags