Hello,

We have two web servers (one "user acceptance testing", and one production) each of which hosts a website with SSL. On both servers we have generated SSL certificates from our company's root CA and installed those certificates within IIS and the Local Computer certificate store. Every time we reboot the server, the visualcronservice.exe runs operation RegDeleteKey on the registry keys which contain those certificates, which removes them from the store and breaks SSL for the website. It is an easy matter to add the certs back, but this shouldn't be happening. We found this by running ProcMon at boot and identifying the cert thumbprint.

These certificates have nothing to do with VisualCron and were generated and installed independently. Has anyone else seen this type of behavior or found a way to correct this issue?

Thanks!

Here is the code for deleting certificates. We do only delete Certificates in the VC node and only if it contains 2 certificates:



We will remove this code in the future as we will change the way we communicate. Currently, the certs are used for the SSL communication.

---

Hello,

Thanks for the information. So if I read this correctly, this code searches for any certificate with "vc" somewhere in the subject name (FindBySubjectName, according to MSDN, performs a case-insensitive string comparison looking for the supplied value (vc) contained within (not matching) the certificate subject name) and if it finds more than two, it deletes the offending certificate?

I find what I assume are VisualCron certficiates (vc and myvc)in the Local Computer, Personal store, which is where IIS stores its related website SSL certs as well. Our problem is that we have a certificate for a server which includes "**.vcn.***" as part of a fully qualified domain name of the server in question.

As a workaround, I have created a VisualCron job that reinstalls my certificate at boot, but it still concerns me as this is a major website for our business and cannot tolerate any downtime. If for some reason the VisaulCron job does not run, or runs late, it can cause website downtime. When the certificate is removed, it breaks SSL on the website and prevents our vendors from connecting until the certificate is reloaded and the private key reassociated.

Is there a way to disable the SSL feature of VisualCron so it does not perform this action? If not, what is the expected release/version of VisualCron that will not contain this code?

We looked at it again and from next version (7.1.4) we will delete only our certificates (CN=vc and CN=myvc).

It would be great if you wanted to test that this works. We will update you with a beta download for this once published.

Thank you!

---

Thanks again for the information. Please do let me know when this Beta is available. I would be very interested in trying this.

Thanks!

Now available here:

http://www.visualcron.co....aspx?g=posts&t=3851 

---

We recently had a situation running 7.1.8 where the certificates were left on the machine even after reboot. The machine was a VM clone of another machine which had the initial installation. For the replicated machine, we needed to remove the certificates and re-install the VC service to rebuild the certificates. This then allowed us to connect remotely. In the release for 7.1.4+, it was my understanding the certificates would be recreated after each reboot? I'm seeing that after each reboot, an additional certificate for myvc is being created and older certs are not being cleaned up. Has this since been changed?

Thank you for your assistance.

Regards,
Jason

Thanks, we did a second fix on this to clean up old ones. You will see it in the next build. Thanks for the report.

---