Issue with wildcard certificate on install

[tspencer-all]

Hi - I've just done a fresh install of SEQ on a Windows server, and I've setup the listening URL as https://seq.example.corp. I have a *.example.corp wildcard cert in the local machine / personal store. When I start the SEQ service, it stops straight away, and in the error logs show this:

System.InvalidOperationException: The requested certificate seq.example.corp could not be found in LocalMachine/My with AllowInvalid setting: True.\r\n at Microsoft.AspNetCore.Server.Kestrel.Https.CertificateLoader.LoadFromStoreCert(String subject, String storeName, StoreLocation storeLocation, Boolean allowInvalid)\r\n

Is there a way to tell it to use the wildcard rather than trying to match the certificate name? I would prefer not to have to issue a specific cert just for this. I tried using the seq-bindssl command, but it saying that it's not supported under Kestrel. Do I have to change to http.sys as per https://docs.datalust.co/docs/ssl?

C:\Users\pa009999>seq bind-ssl --thumbprint=""
Could not bind the certificate: The current value of the api.webServer setting is Kestrel. Kestrel loads certificates automatically from the Local Computer/Personal certificate store, and cannot be configured using the bind-ssl command.

[nblumhardt]

Hi @tspencer-all, thanks for raising this!

I think, temporarily, switching to HTTP.sys will be the quickest way to get up and running.

We're currently assembling a few patches for 2024.2, I'll have a look into this and see if a fix can be rolled in, I think it's an oversight in how we implemented certificate loading under Kestrel.

[nblumhardt]

Ticket created: #2142

[tspencer-all]

No worries - yep did that and it's working now. Thanks for the response!