Hi - We are trying to update openHistorian for use with a CA signed certificate. We have tried updating the LocalCertificate option in the openHistorian.exe.config file to reference the new .cer file. Everytime the service is restarted the new .cer file has the default certificate detail written back to it. What are we missing?
Thanks.
Hi Justin,
I had that same problem when I tried it. Basically, the service works really hard to make sure the certificate it uses at startup is one that it has access to because the console interface will be completely inaccessible otherwise. If it can’t use the certificate you told it to use, it will attempt to find a usable one to replace it with or even generate its own, which must be why yours keeps getting replaced. The system will produce a detailed log of events if the process fails to get a usable certificate, but it’s a lot less verbose if the process succeeds. So the trick could be to make sure the process fails so you can pull the detailed log. Unfortunately, this may be a bit of a fool’s errand, as there is no easy way to access the NT SERVICE\openHistorian's personal certificate store to delete any certificates it may have already generated for itself.
The simplest thing you could try would be to export your certificate with the private key to a file, place it in the openHistorian installation directory, then use the ManageCertificate console command to import that file into the NT SERVICE\openHistorian's personal certificate store. The import command will also export the .cer file and replace it automatically so there shouldn’t be anything more you need to do. After running the command, try restarting the service and check to see whether the correct certificate is still in the right place.
If that doesn’t work, I can try to walk you through the process of getting the detailed logs.
Thanks,
Stephen