Wildcard certificates not working

Hello Adam,

We have now updated from 3.7.x to 4.1.4, and if we configure our wildcard certificate for SSL, the PowerShell Universal service does not start any more. In 3.7.x we configured it via Thumbprint because Subject also had issues, but in 4.1.4 it is not working at all.

{
  "Kestrel": {
    "Endpoints": {
      "HTTP": {
        "Url": "http://*:80"
      },
      "HTTPS": {
        "Url": "https://*:443",
        "Certificate": {
          "Thumbprint": "12345679",
          "Store": "My",
          "Location": "LocalMachine",
          "AllowInvalid": "true"
        }
      }
    },
    "RedirectToHttps": "true"
  },
  "Plugins": [
    "UniversalAutomation.LiteDBv5"
  ],
  "Data": {
    "RepositoryPath": "D:\\UniversalAutomation\\Repository",
    "ConnectionString": "D:\\UniversalAutomation\\database.db"
  }
}
2023-10-04 20:39:10.773 +02:00 [DBG] Registered model binder providers, in the following order: ["Microsoft.AspNetCore.Mvc.ModelBinding.Binders.BinderTypeModelBinderProvider","Microsoft.AspNetCore.Mvc.ModelBinding.Binders.ServicesModelBinderProvider","Microsoft.AspNetCore.Mvc.ModelBinding.Binders.BodyModelBinderProvider","Microsoft.AspNetCore.Mvc.ModelBinding.Binders.HeaderModelBinderProvider","Microsoft.AspNetCore.Mvc.ModelBinding.Binders.FloatingPointTypeModelBinderProvider","Microsoft.AspNetCore.Mvc.ModelBinding.Binders.EnumTypeModelBinderProvider","Microsoft.AspNetCore.Mvc.ModelBinding.Binders.DateTimeModelBinderProvider","Microsoft.AspNetCore.Mvc.ModelBinding.Binders.TryParseModelBinderProvider","Microsoft.AspNetCore.Mvc.ModelBinding.Binders.SimpleTypeModelBinderProvider","Microsoft.AspNetCore.Mvc.ModelBinding.Binders.CancellationTokenModelBinderProvider","Microsoft.AspNetCore.Mvc.ModelBinding.Binders.ByteArrayModelBinderProvider","Microsoft.AspNetCore.Mvc.ModelBinding.Binders.FormFileModelBinderProvider","Microsoft.AspNetCore.Mvc.ModelBinding.Binders.FormCollectionModelBinderProvider","Microsoft.AspNetCore.Mvc.ModelBinding.Binders.KeyValuePairModelBinderProvider","Microsoft.AspNetCore.Mvc.ModelBinding.Binders.DictionaryModelBinderProvider","Microsoft.AspNetCore.Mvc.ModelBinding.Binders.ArrayModelBinderProvider","Microsoft.AspNetCore.Mvc.ModelBinding.Binders.CollectionModelBinderProvider","Microsoft.AspNetCore.Mvc.ModelBinding.Binders.ComplexObjectModelBinderProvider"]
2023-10-04 20:39:10.959 +02:00 [FTL] Fatal error starting PowerShell Universal.
System.InvalidOperationException: The requested certificate *.de.my-companyname.com could not be found in LocalMachine/My with AllowInvalid setting: True.
   at Microsoft.AspNetCore.Server.Kestrel.Https.CertificateLoader.LoadFromStoreCert(String subject, String storeName, StoreLocation storeLocation, Boolean allowInvalid)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Certificates.CertificateConfigLoader.LoadFromStoreCert(CertificateConfig certInfo)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Certificates.CertificateConfigLoader.LoadCertificate(CertificateConfig certInfo, String endpointName)
   at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.Reload()
   at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.Load()
   at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.BindAsync(CancellationToken cancellationToken)
   at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
   at Microsoft.AspNetCore.Hosting.GenericWebHostService.StartAsync(CancellationToken cancellationToken)
   at Microsoft.Extensions.Hosting.Internal.Host.StartAsync(CancellationToken cancellationToken)
   at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
   at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
   at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.Run(IHost host)
   at Universal.Server.Program.<>c__DisplayClass3_0.<Main>b__0(Options o) in C:\actions-runner\_work\universal\universal\src\Universal.Server\Program.cs:line 72
2023-10-04 20:45:54.608 +02:00 [DBG] Hosting starting

I think the asterisk is the reason for the issue if it is used in variables later in the binding.

Product: PowerShell Universal
Version: 4.1.4

I’m unaware of any changes made to this in the v4 codebase aside from updating to newer versions of .NET. I would recommend trying to run the script in the KB article to see if it can find the cert.

Hey Tyler,
Were you able to get your wildcard cert working? I’m new to PowerShell Universal, so I don’t know how it worked in the past, but I am having the same problem with the same error message in version 4.2.11.

I got mine working. I did two things:

  1. I saw that you were using Thumbprint instead of Subject. This alone didn’t work for me, but it gave a new error about needing an associated private key. (I originally only loaded the .cer file.)
  2. I loaded in the .pfx file on the server.

Now it is working as expected.
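
A pre-flight check for the situation resolved in the last post, where the certificate was in the store but had been imported from a .cer and so had no private key. This is an added example, not part of the thread, the KB article script, or PowerShell Universal itself; the default thumbprint is the placeholder from the config above, and the server-authentication EKU check is an assumption about what a TLS endpoint needs.

```powershell
# Added example: inspect a store certificate before pointing Kestrel at it.
# Run it as the account the service runs under, so key access is tested for that account.
param(
    [string]$Thumbprint = '12345679',            # placeholder value from the thread's config
    [string]$StorePath  = 'Cert:\LocalMachine\My'
)

# Thumbprints copied from the certificate MMC can carry spaces or an invisible
# left-to-right mark, so keep hex digits only before comparing.
$clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

$cert = Get-ChildItem -Path $StorePath |
    Where-Object { $_.Thumbprint -eq $clean } |
    Select-Object -First 1
if (-not $cert) {
    Write-Warning "No certificate with thumbprint $clean in $StorePath"
    return
}

# HasPrivateKey only says a key is associated; opening it shows whether this
# account can actually read it (a .cer import leaves HasPrivateKey = False).
$keyReadable = $false
if ($cert.HasPrivateKey) {
    try {
        $x509 = 'System.Security.Cryptography.X509Certificates'
        $key = ("$x509.RSACertificateExtensions" -as [type])::GetRSAPrivateKey($cert)
        if (-not $key) {
            $key = ("$x509.ECDsaCertificateExtensions" -as [type])::GetECDsaPrivateKey($cert)
        }
        $keyReadable = [bool]$key
    } catch {
        $keyReadable = $false
    }
}

# A certificate with no EKU extension is not restricted; otherwise it must list
# Server Authentication (OID 1.3.6.1.5.5.7.3.1).
$ekus = @($cert.EnhancedKeyUsageList | Where-Object { $_ })
$serverAuth = ($ekus.Count -eq 0) -or ($ekus.ObjectId -contains '1.3.6.1.5.5.7.3.1')

$now = Get-Date
[pscustomobject]@{
    Subject            = $cert.Subject
    DnsNames           = ($cert.DnsNameList.Unicode -join ', ')
    HasPrivateKey      = $cert.HasPrivateKey
    PrivateKeyReadable = $keyReadable
    WithinValidity     = ($cert.NotBefore -le $now) -and ($now -le $cert.NotAfter)
    ServerAuthAllowed  = $serverAuth
}
```

If `HasPrivateKey` is `False`, re-import the certificate from the .pfx as described above; if it is `True` but `PrivateKeyReadable` is `False`, the service account lacks read permission on the key.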