Is there an AppVeyor Self Signed Trusted Certificate on the build VM for testing SSL

James Skimming's Avatar

James Skimming

13 Feb, 2015 12:49 AM

I'm currently setting up integration tests for a web site and I want to test it works over SSL (actually I want to test the site enforces SSL).

I've been researching how to automate the addition of a self signed certificate, which is relatively simple using the following PowerShell script (using this SO answer).

Import-Module WebAdministration
Set-Location IIS:\SslBindings
New-WebBinding -Name "Default Web Site" -IP "*" -Port 443 -Protocol https
$c = New-SelfSignedCertificate -DnsName "" -CertStoreLocation cert:\LocalMachine\My
$c | New-Item!443

Unfortunately the certificate is not trusted by a .net client (testing the Web API components) or a browser (selenium to test the pages).

I think I can eventually solve this, by further scripting, but I was wondering if there could be an out-of-the-box solution, whereby the build VM comes with a ready made trusted self signed root certificate, that can be used in the site bindings specified with the Deployment Agent setting <artifact_name>.certificate (from here).

  1. Support Staff 1 Posted by Feodor Fitsner on 13 Feb, 2015 01:42 AM

    Feodor Fitsner's Avatar

    Is it like adding generated certificate to trusted root?

  2. 2 Posted by James Skimming on 13 Feb, 2015 02:44 PM

    James Skimming's Avatar

    Yeah, that's it. I've got it working now.

    I've added an external PowerShell script (InstallSelfSignedCert.ps1) which looks like this:

    $cert = New-SelfSignedCertificate -DnsName ("","*") -CertStoreLocation cert:\LocalMachine\My
    $rootStore = Get-Item cert:\LocalMachine\Root
    Import-Module WebAdministration
    Set-Location IIS:\SslBindings
    New-WebBinding -Name "Default Web Site" -IP "*" -Port 443 -Protocol https
    $cert | New-Item!443

    I'm manually adding the site binding, as when I tried with the Deployment Agent settings, it failed to locate the certificate, as it has no name and I don't know the thumbprint.

    I have to execute it as a command that executes PowerShell like this yml:

    before_deploy: PowerShell .\InstallSelfSignedCert.ps1

    If in-line the PowerShell script into the yml, or execute it like this:

      - ps: .\InstallSelfSignedCert.ps1

    I get the this error in the build after the scrip executes Unable to create a new user process.

    If you want more info on the Unable to create a new user process. problem let me know, but I have an perfectly workable solution that i'm happy with so it's no biggie.

  3. Support Staff 3 Posted by Feodor Fitsner on 14 Feb, 2015 01:48 AM

    Feodor Fitsner's Avatar

    Brilliant! Thanks for the great solution - it's worth adding to docs for future generations :)

    Regarding "unable to create a new user process" - I'm just wondering the line where it comes from.

  4. Support Staff 4 Posted by Feodor Fitsner on 14 Feb, 2015 01:52 AM

    Feodor Fitsner's Avatar

    I've added your solution here:

    Feel free to send PR if you'd like to update it.

  5. James Skimming closed this discussion on 16 Feb, 2015 11:58 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac