Is there an AppVeyor Self Signed Trusted Certificate on the build VM for testing SSL

James Skimming's Avatar

James Skimming

13 Feb, 2015 12:49 AM

I'm currently setting up integration tests for a web site and I want to test it works over SSL (actually I want to test the site enforces SSL).

I've been researching how to automate the addition of a self signed certificate, which is relatively simple using the following PowerShell script (using this SO answer).

Import-Module WebAdministration
Set-Location IIS:\SslBindings
New-WebBinding -Name "Default Web Site" -IP "*" -Port 443 -Protocol https
$c = New-SelfSignedCertificate -DnsName "myexample.com" -CertStoreLocation cert:\LocalMachine\My
$c | New-Item 0.0.0.0!443

Unfortunately the certificate is not trusted by a .net client (testing the Web API components) or a browser (selenium to test the pages).

I think I can eventually solve this, by further scripting, but I was wondering if there could be an out-of-the-box solution, whereby the build VM comes with a ready made trusted self signed root certificate, that can be used in the site bindings specified with the Deployment Agent setting <artifact_name>.certificate (from here).

  1. Support Staff 1 Posted by Feodor Fitsner on 13 Feb, 2015 01:42 AM

    Feodor Fitsner's Avatar

    Is it like adding generated certificate to trusted root?

    https://social.technet.microsoft.com/Forums/en-US/8e016573-9191-415...

  2. 2 Posted by James Skimming on 13 Feb, 2015 02:44 PM

    James Skimming's Avatar

    Yeah, that's it. I've got it working now.

    I've added an external PowerShell script (InstallSelfSignedCert.ps1) which looks like this:

    $cert = New-SelfSignedCertificate -DnsName ("localtest.me","*.localtest.me") -CertStoreLocation cert:\LocalMachine\My
    $rootStore = Get-Item cert:\LocalMachine\Root
    $rootStore.Open("ReadWrite")
    $rootStore.Add($cert)
    $rootStore.Close();
    
    Import-Module WebAdministration
    Set-Location IIS:\SslBindings
    New-WebBinding -Name "Default Web Site" -IP "*" -Port 443 -Protocol https
    $cert | New-Item 0.0.0.0!443
    

    I'm manually adding the site binding, as when I tried with the Deployment Agent settings, it failed to locate the certificate, as it has no name and I don't know the thumbprint.

    I have to execute it as a command that executes PowerShell like this yml:

    before_deploy: PowerShell .\InstallSelfSignedCert.ps1
    

    If in-line the PowerShell script into the yml, or execute it like this:

    before_deploy:
      - ps: .\InstallSelfSignedCert.ps1
    

    I get the this error in the build after the scrip executes Unable to create a new user process.

    If you want more info on the Unable to create a new user process. problem let me know, but I have an perfectly workable solution that i'm happy with so it's no biggie.

  3. Support Staff 3 Posted by Feodor Fitsner on 14 Feb, 2015 01:48 AM

    Feodor Fitsner's Avatar

    Brilliant! Thanks for the great solution - it's worth adding to docs for future generations :)

    Regarding "unable to create a new user process" - I'm just wondering the line where it comes from.

  4. Support Staff 4 Posted by Feodor Fitsner on 14 Feb, 2015 01:52 AM

    Feodor Fitsner's Avatar

    I've added your solution here: http://www.appveyor.com/docs/deployment/local#installing-self-signe...

    Feel free to send PR if you'd like to update it.

  5. James Skimming closed this discussion on 16 Feb, 2015 11:58 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac