
Octopus-deploy build server seems to think that it needs a different thumbprint than originally indicated


I am getting the following error when attempting to connect to a listening agent on a deployment target (the thumbprints and server names were obfuscated, aliasing the 2 thumbprints involved with AAAAA & BBBBB):

An error occurred when sending a request to 'https://TARGETSERVER:10933/', after the request began: The server at https://TARGETSERVER:10933/ presented an unexpected security certificate. We expected the server to present a certificate with the thumbprint 'AAAAA'. Instead, it presented a certificate with a thumbprint of 'BBBBB' and subject 'CN=Octopus Tentacle'. This usually happens when the client has been configured to expect the server to have the wrong certificate, or when the certificate on the server has been regenerated and the client has not been updated. It may also happen if someone is performing a man-in-the-middle attack on the remote machine, or if a proxy server is intercepting requests. Please check the certificate used on the server, and verify that the client has been configured correctly.

I checked the Tentacle configuration and it showed the following:

{
  "Octopus": {
    "Home": "/etc/octopus/Tentacle",
    "Watchdog": {
      "Enabled": false,
      "Instances": "*",
      "Interval": 0
    }
  },
  "Tentacle": {
    "CertificateThumbprint": "BBBBB",
    "Communication": {
      "TrustedOctopusServers": [
        {
          "Thumbprint": "AAAAA",
          "CommunicationStyle": 1,
          "Address": null,
          "Squid": null,
          "SubscriptionId": null
        }
      ]
    },
    "Deployment": {
      "ApplicationDirectory": "/home/Octopus/Applications"
    },
    "Services": {
      "ListenIP": null,
      "NoListen": false,
      "PortNumber": 10933
    }
  }
}

So the thumbprint for the Tentacle is shown to be BBBBB, yet the error response seems to indicate that the build server expected AAAAA to come from the server. What should I do so that the build server (which I do not have easy access to) and the target server understand the correct thumbprints to exchange?


Solution

  • We expected the server to present a certificate with the thumbprint 'AAAAA'. Instead, it presented a certificate with a thumbprint of 'BBBBB' and subject 'CN=Octopus Tentacle'.

    If the thumbprints have been aliased consistently, this message makes me think the wrong value was added to the Thumbprint field on the Target page in Octopus.

    The value for Thumbprint in the communication section on the Target page (screenshot below) should match the BBBBB value in your Tentacle config file. The AAAAA value is the Octopus Server certificate thumbprint that the Tentacle needs to know to accept communications from known servers. The BBBBB value is the Octopus Tentacle certificate thumbprint that the Server needs to know so that it is communicating with known targets.

    [Screenshot: target screen]
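The check described in the answer, as an added example that is not part of the original post or of Octopus itself: it reads the Tentacle config and the server's error text, then reports which side holds the wrong value. The function names and result labels are hypothetical, and the sample inputs are constructed from the aliases in the question.

```python
import json
import re

# Constructed sample input, using the aliases from the question.
TENTACLE_CONFIG = """
{"Tentacle": {"CertificateThumbprint": "BBBBB",
  "Communication": {"TrustedOctopusServers": [{"Thumbprint": "AAAAA"}]}}}
"""
SERVER_ERROR = ("We expected the server to present a certificate with the "
                "thumbprint 'AAAAA'. Instead, it presented a certificate with "
                "a thumbprint of 'BBBBB' and subject 'CN=Octopus Tentacle'.")

ERROR_RE = re.compile(
    r"with the thumbprint '(?P<expected>[^']+)'.*?"
    r"with a thumbprint of '(?P<presented>[^']+)'", re.S)


def norm(thumbprint):
    """Thumbprints are hex strings; compare them ignoring case and spaces."""
    return re.sub(r"\s+", "", thumbprint).upper()


def diagnose(config_text, error_text):
    """Classify a thumbprint mismatch (hypothetical helper, not Octopus code)."""
    tentacle = json.loads(config_text)["Tentacle"]
    own = norm(tentacle["CertificateThumbprint"])
    trusted = {norm(s["Thumbprint"])
               for s in tentacle["Communication"]["TrustedOctopusServers"]}
    m = ERROR_RE.search(error_text)
    if not m:
        return "unparsed"
    expected, presented = norm(m["expected"]), norm(m["presented"])
    if presented != own:
        # The certificate seen on the wire is not this Tentacle's: wrong host,
        # intercepting proxy, or a config file from another instance.
        return "presented-cert-not-this-tentacle"
    if expected == own:
        return "no-mismatch"
    if expected in trusted:
        # The target record holds the Server's own thumbprint.
        return "server-thumbprint-entered-on-target"
    return "target-has-stale-or-unknown-thumbprint"


if __name__ == "__main__":
    print(diagnose(TENTACLE_CONFIG, SERVER_ERROR))
```

Only the `server-thumbprint-entered-on-target` and `target-has-stale-or-unknown-thumbprint` results call for updating the Thumbprint field on the Target page; `presented-cert-not-this-tentacle` means the certificate on the wire should be investigated before any value is changed.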