Tuesday, May 01, 2012

CruiseControl .NET, VisualSVN, and SSL Certificates [Field Notes]

This is a quick post for my reference. Let me know if details would be helpful and I'll be happy to turn it into more of a tutorial style.

Problem

I am integrating CruiseControl.NET with VisualSVN. I'm using a self-signed https on VisualSVN that doesn't match. Because I can't get CruiseControl to accept the certificate permanently, I can't get it to check out files.

Solution


  • You should have a local user account for your build process (with only access to what it needs, of course). This is essentially a local service account.
  • Log on to that service account on the local machine.
  • Using the command line, check out the VisualSVN repository into a folder you created and accept the certificate. Something along the lines of "svn.exe checkout https://[servername]:8443/svn/[ProjectName] --username [user] --password [password]" should do it.
  • The certificate message will then pop up. Type "p" to accept it permanently.
  • Now you have an account that has the access you need.
  • Go into services.msc 
  • Set the CruiseControl.NET service to run as the local build user service account, with the password.
  • Restart the CruiseControl.NET
  • It now should have access and acceptance of the certificate.

4 comments:

  1. You can also use 'Network Service' account. However accepting a self-signed certificate is quite tricky in this case.

    To accept a certificate you should use Sysinternals's PsExec utility.
    Execute the following command line to run the command prompt under the Network Service account:

    [[
    psexec -u "nt authority\network service" cmd.exe
    ]]

    Then permanently accept the certificate using the svn.exe on the CruiseControl machine:

    [[
    svn info
    ]]

    You can download PsExec from its official site:
    http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx

    ReplyDelete
    Replies
    1. Bahrep, thanks for your comment -- that's a great idea! Hadn't considered that as an option, and while it might make sense for some to create a local user, this could be a great step for others. I plan to include it in a revision soon. Do you have a link I can link to when I say thanks?

      Delete
    2. Sean,

      I'm with VisualSVN Team and just wanted to share the knowledge about the magic workaround (seeing that you mentioned VisualSVN Server in the post). :)

      Delete
    3. bahrep,

      Then thank you on three counts:

      1) for reading the article
      2) for adding such a thoughtful response, and
      3) for helping to produce one of the easiest, most intuitive ways to use Subversion on a Windows environment. Bravo to you and the VisualSVN team; it's a great piece of software!

      Delete

Keep it classy, folks.