You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This issue appears to occur when the certificate was initially imported not by Octopus (i.e. a user other than the user the Tentacle executes as).
The certificate file is written to different places, depending on the circumstances.
For example, it seems that when Octopus imports the certificate for another user (i.e. not the Tentacle) it writes the certificate to the user's registry.
HKEY_USERS
UserName
Software
Microsoft
SystemCertificates
Then, when accessing the certificate as that user, the certificate is moved to their roaming profile:
At this point, importing the certificate again with Octopus may cause the problem; effectively two certificates in the store.
Unfortunately the Windows Crypto API (CAPI) code is not open-source. And I can't find any definitive documentation for the behaviour in situations like this.
Given we are relying on the Windows libraries, I'm not sure exactly how we would resolve this.
I have added a recommendation to our docs to allow Octopus to perform the initial import.
This thread has been automatically locked since there has not been any recent activity after it was closed. If you think you've found a related issue, please contact our support team so we can triage your issue, and make sure it's handled appropriately.
lockbot
locked as resolved and limited conversation to collaborators
Nov 23, 2018
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
To reproduce:
This should result in this code being executed in Calamari.
Instead, the certificate is again added to the store.
Reported by http://help.octopusdeploy.com/discussions/problems/55611
The text was updated successfully, but these errors were encountered: