Problems Configuring HTTPS

indiwaindiwa Posts: 4 Bronze 1
in Redgate Monitor
We followed the instructions at:


Regardless whether using a PFX file with a password or a certificate from the localmachine\my store, after restarting the SQL Monitor Web Service, the service immediately stops again.

The certificate is a valid Lets-Encrypt certificate, we tried a wildcard certificate and one for a specific host name.

The logs in:

C:\ProgramData\Red Gate\Logs\SQL Monitor\Website*

don't show any errors

After changing Warning to Debug in:

C:\Program Files\Red Gate\SQL Monitor\Web\RedGate.SqlMonitor.Service.Web.logging.jsonc
C:\Program Files\Red Gate\SQL Monitor\Web\RedGate.SqlMonitor.UI.Website.logging.jsonc

I get more information, but nothing really helpful.

Also adding the new thumbprint to:

C:\ProgramData\Red Gate\SQL Monitor\RedGate.SqlMonitor.AuthorizedClients.config

did not help

What else can we try here?

BTW The PowerShell script on the documentation page linked below does not work for non-English servers.
Tagged:
· Share on Twitter

Answers

  • dkim1999dkim1999 Posts: 85 Bronze 2
    Hi there,

    Thank you for reaching out and I apologize that you are running into issues with SQL Monitor.

    Can you make sure that you have properly copied the Webserver.Kestrel.Config file into the ProgramData folder while leaving the unedited, original copy in the ProgramFiles folder?

    In addition, can you please send over your Webserver.Kestrel.Config file to make sure that you have configured it properly?

    Thank you!
    David Kim,
    Product Support Engineer
    · Share on Twitter
  • indiwaindiwa Posts: 4 Bronze 1
    Hi David,

    C:\Program Files\Red Gate\SQL Monitor\Web\Webserver.Kestrel.config is unchanged and only has the http Port 80 endpoint.

    C:\ProgramData\Red Gate\SQL Monitor\Webserver.Kestrel.config

    has the following content:

    <?xml version="1.0" encoding="utf-8"?>
    <configuration>
      <kestrel>
        <endpoints>
          
          <http>
            <url>http://*:80</url&gt;
          </http>
         
          <https>     
            <url>https://*:443</url&gt;
            <certificate>
              <subject>*.name.com</subject>
              <store>My</store>
              <location>LocalMachine</location>
              <allowInvalid>false</allowInvalid>
            </certificate>        
         </https>      
        
        </endpoints>
      </kestrel>
    </configuration>

    The closing url tag is broken here, but is correct in the config file.

    I made sure I only have one certificate with the matching subject in LocalMachine\My but but there could be more, it would be better to use the thumbprint to identity the certificate.

    · Share on Twitter
  • indiwaindiwa Posts: 4 Bronze 1
    I found the problem. While there was no IIS installed on the server, Window's http.sys kernel driver was active and felt responsible for all https requests on the server. In our case this was because we had installed the Windows Admin Center gateway on the same server as SQL Monitor.

    To solve this I added a second IP to the server. The I limited http.sys to one of the IP addresses.

    In the Webserver.Kestrel.config I configured the other IP for SQL Monitor.

    After doing this the services starts and https for the site works.

    · Share on Twitter
  • dkim1999dkim1999 Posts: 85 Bronze 2
    Hi there,

    I am glad to hear that you have fixed the issue.

    If you have any other questions, feel free to reach out!

    Kind Regards,
    David Kim
    Product Support Engineer
    · Share on Twitter
Sign In or Register to comment.