Please note that VisualCron support is not actively monitoring this community forum. Please use our contact page for contacting the VisualCron support directly.


  1. Forum
  2. Support
  3. General problem solving
  4. VisualCronService.exe Deleting SSL Certificates
sfdevlin
2014-02-24T15:30:02Z
Hello,

We have two web servers (one "user acceptance testing", and one production) each of which hosts a website with SSL. On both servers we have generated SSL certificates from our company's root CA and installed those certificates within IIS and the Local Computer certificate store. Every time we reboot the server, the visualcronservice.exe runs operation RegDeleteKey on the registry keys which contain those certificates, which removes them from the store and breaks SSL for the website. It is an easy matter to add the certs back, but this shouldn't be happening. We found this by running ProcMon at boot and identifying the cert thumbprint.

These certificates have nothing to do with VisualCron and were generated and installed independently. Has anyone else seen this type of behavior or found a way to correct this issue?

Thanks!
 Reply
 View All Posts by User
Sponsor
Forum information
Support
2014-02-25T13:07:07Z
Here is the code for deleting certificates. We do only delete Certificates in the VC node and only if it contains 2 certificates:


  Dim certCollection As X509Certificate2Collection
            Dim store As New X509Store(StoreName.My, StoreLocation.LocalMachine)
            store.Open(OpenFlags.ReadWrite)
            certCollection = store.Certificates.Find(X509FindType.FindBySubjectName, "vc", False)

            ' must contain two certificates
            If Not certCollection.Count = 2 Then
                ' delete all certificates
                If certCollection.Count > 0 Then
                    store.RemoveRange(certCollection)
                    LogAPI.Log(False, LogClass.EventT.Debug, "Old certificates removed", Nothing, Nothing)
                End If
            End If


We will remove this code in the future as we will change the way we communicate. Currently, the certs are used for the SSL communication.
Henrik
Support
http://www.visualcron.com 
Please like  VisualCron on facebook!
 Reply
 View All Posts by User
sfdevlin
2014-02-25T13:48:27Z
Hello,

Thanks for the information. So if I read this correctly, this code searches for any certificate with "vc" somewhere in the subject name (FindBySubjectName, according to MSDN, performs a case-insensitive string comparison looking for the supplied value (vc) contained within (not matching) the certificate subject name) and if it finds more than two, it deletes the offending certificate?

I find what I assume are VisualCron certficiates (vc and myvc)in the Local Computer, Personal store, which is where IIS stores its related website SSL certs as well. Our problem is that we have a certificate for a server which includes "**.vcn.***" as part of a fully qualified domain name of the server in question.

As a workaround, I have created a VisualCron job that reinstalls my certificate at boot, but it still concerns me as this is a major website for our business and cannot tolerate any downtime. If for some reason the VisaulCron job does not run, or runs late, it can cause website downtime. When the certificate is removed, it breaks SSL on the website and prevents our vendors from connecting until the certificate is reloaded and the private key reassociated.

Is there a way to disable the SSL feature of VisualCron so it does not perform this action? If not, what is the expected release/version of VisualCron that will not contain this code?
 Reply
 View All Posts by User
Support
2014-02-25T14:09:53Z
We looked at it again and from next version (7.1.4) we will delete only our certificates (CN=vc and CN=myvc).

It would be great if you wanted to test that this works. We will update you with a beta download for this once published.

Thank you!
Henrik
Support
http://www.visualcron.com 
Please like  VisualCron on facebook!
 Reply
 View All Posts by User
sfdevlin
2014-02-26T13:17:14Z
Thanks again for the information. Please do let me know when this Beta is available. I would be very interested in trying this.

Thanks!
 Reply
 View All Posts by User
Support
2014-02-26T14:32:34Z
Now available here:

http://www.visualcron.co....aspx?g=posts&t=3851 
Henrik
Support
http://www.visualcron.com 
Please like  VisualCron on facebook!
 Reply
 View All Posts by User
J Haas
2014-09-24T19:53:45Z
We recently had a situation running 7.1.8 where the certificates were left on the machine even after reboot. The machine was a VM clone of another machine which had the initial installation. For the replicated machine, we needed to remove the certificates and re-install the VC service to rebuild the certificates. This then allowed us to connect remotely. In the release for 7.1.4+, it was my understanding the certificates would be recreated after each reboot? I'm seeing that after each reboot, an additional certificate for myvc is being created and older certs are not being cleaned up. Has this since been changed?

Thank you for your assistance.

Regards,
Jason
 Reply
 View All Posts by User
Support
2014-09-29T09:54:03Z
Thanks, we did a second fix on this to clean up old ones. You will see it in the next build. Thanks for the report.
Henrik
Support
http://www.visualcron.com 
Please like  VisualCron on facebook!
 Reply
 View All Posts by User
Similar Topics
Users browsing this topic
  1. Forum
  2. Support
  3. General problem solving
  4. VisualCronService.exe Deleting SSL Certificates
 

© SMA Technologies. All Rights Reserved, 2024 Version: 11.1.25.5f415ed

Privacy Policy
Terms & Conditions
Sitemap
Scroll to Top