Anyone deploying RavenDB client certificates with Octopus Deploy?

[georgiosd]

This is very weird... I've asked Octopus to deploy my client certificate.

If I manually add the certificate to the machine (in the same place), the authentication happens fine.

If it is deployed by Octopus, I get:

Unhandled Exception: Raven.Client.Exceptions.AllTopologyNodesDownException: Tried to send 'GetDocumentCommand' request via `GET /databases/x/docs?startsWith=arbs%2F&start=0&pageSize=1` to all configured nodes in the topology, all of them seem to be down or not respondin 
g. I've tried to access the following nodes: https://x.y.io ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.Http.WinHttpException: The client certifi 
cate credentials were not recognized 
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() 
   at System.Threading.Tasks.RendezvousAwaitable`1.GetResult() 
   at System.Net.Http.WinHttpHandler.<StartRequest>d__105.MoveNext() 
   --- End of inner exception stack trace --- 
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() 
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) 
   at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
   at System.Net.Http.HttpClient.<FinishSendAsyncUnbuffered>d__59.MoveNext() 
--- End of stack trace from previous location where exception was thrown --- 
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() 
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) 

Any ideas?

[Oren Eini (Ayende Rahien)]

How are you loading the certificate?

Hibernating Rhinos Ltd  

Oren Eini l CEO l Mobile: + 972-52-548-6969

Office: +972-4-622-7811 l Fax: +972-153-4-622-7811

 

--
You received this message because you are subscribed to the Google Groups "RavenDB - 2nd generation document database" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ravendb+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Georgios Diamantopoulos]

Same way both times...

X509Store x509Store = new X509Store(StoreLocation.LocalMachine);

            x509Store.Open(OpenFlags.ReadOnly);

            var store = new DocumentStore

            {

...

                Certificate = x509Store.Certificates.Find(X509FindType.FindByThumbprint, "thumbprint here", false)[0]

--
You received this message because you are subscribed to a topic in the Google Groups "RavenDB - 2nd generation document database" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ravendb/7DDS5ZCae8Q/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ravendb+unsubscribe@googlegroups.com.

[Oren Eini (Ayende Rahien)]

At a guess, look at which store you are loading it into. I think that you should try the local user, not local machine

[Georgios Diamantopoulos]

But why would it work when I'm installing from the wizard and storing in the same store?

Maybe it's a permissions thing, hm... thanks!

[georgiosd]

For anyone seeing this, it was indeed a permissions thing - which you can view/edit manually by right clicking on the certificate and Manage Private keys.

It turns out that the wizard sets perms for the current user while Octopus does so for the agent's user only.