Enabling SSL

I’m trying to enable SSL but I have two problem

First the SSL field validation in the web ui is set to number only, as soon as I enter a letter the field becomes red

Second I have loaded my Certificate in Personal store of Local System then copyed my ssh thumbprint in config.xml without space.
But when I start nzbdrone.exe as administrator I get the following error

13-9-26 15:00:09.3|Info|Bootstrap|Starting NzbDrone Console. Version 2.0.0.621
13-9-26 15:00:09.7|Info|MigrationLogger|*** Migrating data source=C:\ProgramData\zbDrone
zbdrone.db;cache size=-10485760;datetimekind=Utc;journal mode=Wal ***
13-9-26 15:00:09.8|Info|MigrationLogger|*** Migrating data source=C:\ProgramData\zbDrone\logs.db;cache size=-10485760;datetimekind=Utc;journal mode=Wal ***
13-9-26 15:00:09.9|Info|Router|Application mode: Interactive
13-9-26 15:00:09.9|Info|netsh.exe|Starting netsh.exe http show sslcert ipport=0.0.0.0:9890
13-9-26 15:00:10.1|Fatal|ConsoleApp|EPIC FAIL!

System.FormatException: Input string was not in a correct format.
at System.Text.StringBuilder.AppendFormat(IFormatProvider provider, String format, Object[] args)
at System.String.Format(IFormatProvider provider, String format, Object[] args)
at System.String.Format(String format, Object arg0, Object arg1, Object arg2)
at NzbDrone.Host.AccessControl.SslAdapter.Register() in m:\buildAgent2_work\bc9a5cca09497250\zbDrone.Host\AccessControl\SslAdapter.cs:line 39
at NzbDrone.Host.Owin.OwinHostController.StartServer() in m:\buildAgent2_work\bc9a5cca09497250\zbDrone.Host\Owin\OwinHostController.cs:line 54
at NzbDrone.Host.NzbDroneServiceFactory.Start() in m:\buildAgent2_work\bc9a5cca09497250\zbDrone.Host\ApplicationServer.cs:line 47
at NzbDrone.Host.Router.Route(ApplicationModes applicationModes) in m:\buildAgent2_work\bc9a5cca09497250\zbDrone.Host\Router.cs:line 50
at NzbDrone.Host.Bootstrap.Start(StartupArguments args, IUserAlert userAlert) in m:\buildAgent2_work\bc9a5cca09497250\zbDrone.Host\Bootstrap.cs:line 30
at NzbDrone.Console.ConsoleApp.Main(String[] args) in m:\buildAgent2_work\bc9a5cca09497250\zbDrone.Console\ConsoleApp.cs:line 20

Any suggestion ?

Build 623 fixes the Startup issue, but there seems to be something else not working with it. I need to look into it further, as for the cert hash in the UI, I’ll fix that up.

That was quick :stuck_out_tongue: Now it’s starting but I can’t connect to the ssl address

Log (hash removed):
13-9-26 16:40:38.2|Info|Bootstrap|Starting NzbDrone Console. Version 2.0.0.623
13-9-26 16:40:38.5|Info|MigrationLogger|*** Migrating data source=C:\ProgramData\zbDrone
zbdrone.db;cache size=-10485760;datetimekind=Utc;journal mode=Wal ***
13-9-26 16:40:38.7|Info|MigrationLogger|*** Migrating data source=C:\ProgramData\zbDrone\logs.db;cache size=-10485760;datetimekind=Utc;journal mode=Wal ***
13-9-26 16:40:38.7|Info|Router|Application mode: Interactive
13-9-26 16:40:38.8|Info|netsh.exe|Starting netsh.exe http show sslcert ipport=0.0.0.0:9898
13-9-26 16:40:38.8|Info|netsh.exe|Starting netsh.exe netsh http add sslcert ipport=0.0.0.0:9898 certhash=XXXXXXXXXXX appid={XXXXXXXXXXXXXXXXx}
13-9-26 16:40:38.9|Info|netsh.exe|Starting netsh.exe http add urlacl http://:8989/ sddl=D:(A;;GX;;;S-1-1-0)
13-9-26 16:40:38.9|Info|netsh.exe|Starting netsh.exe http add urlacl https://
:9898/ sddl=D:(A;;GX;;;S-1-1-0)
13-9-26 16:40:39.0|Info|OwinHostController|starting server on http://*:8989/
13-9-26 16:40:39.2|Info|lambda_method|Starting NzbDrone API
13-9-26 16:40:39.8|Info|SceneMappingService|Updating Scene mapping

Yeah, doesn’t seem to be actually registering the SSL cert, still looking at that part.

Fixes should be available in 626. I’ve noticed an invisible space in front of the first character of the hash, it causes the cert registration to fail and I can’t programatically remove it, so make sure there isn’t one when saving the config file/settings in the UI.

It’s working ! You guy are giving better support than payed software :stuck_out_tongue: I’ll send you a donation when I have time

By the way two other little issue :
tapatalk 4 (android) says you are using an outdated version of the forum so push notification are disabled
And nzbdrone does not seem to be able to connect to sabnzbd on ssl using https://localhost as the host

Thanks !

1 Like

We aim to please :smiley:

I’ll take a look at tapatalk. Added a card for SSL support with SAB to Trello: https://trello.com/c/XSM5Vmar/401-sabnzbd-connect-over-ssl

I’m trying to replace the certificate by a new one but nzbdrone seems to keep the old cert regardless of the settings in the UI, I restarted after each change yet it keeps the old certificate

Yeah, this is definitely something we overlooked. Added to Trello to deal with this better: https://trello.com/c/FXVW9Qh9/529-support-for-change-ssl-certificate

In the mean time you can manually remove the cert by running: netsh http delete sslcert ipport=0.0.0.0:8989 - replace 8989 with the port you’re using fro drone.

Then restart drone as admin and it should fix it up, if you run into any issues, let me know.

I deleted the sslcert and urlacl but then when I restart nzbdrone as administrator it does not seems to add the new certificate

“netsh http show sslcert” is empty

Nothing relevant in the log

Can you try adding the cert manually?
http add sslcert ipport=0.0.0.0:8989 certhash=YOUR_CERT_HASH appid={C2172AF4-F9A6-4D91-BAEE-C2E4EE680613}

Replace 8989 with your port number (if different) and YOUR_CERT_HASH with your hash/thumbprint

It works, thanks !

Awesome, I’ll get this issue fixed up in a later version, but not sure why it wouldn’t automatically re-add it.

when i try manually adding the binding, i receive this error (in Win7):

SSL Certificate add failed, Error: 1312
A specified logon session does not exist. It may already have been terminated.

what could be going on here?

or i should have said manually adding the cert with the netsh command.

Spaces/extra info in the cert hash would be my guess.

P.S. Please can edit your posts instead of double posting.