Hello Octo Peeps,
As of Build 2021.1(7500) when i am uploaded a new certificate Octopus.
“Libary > Certificates > Add Certificate”
After I upload the new Cert I am now seeing the subject under the Details in reverse order.
as per your document on page
the order should be
CN= testserver.domain.com
O= Company name
L= Company location
C= Company region
This used to be the case for us
Now we are seeing it like this
C= Company region
L= Company location
O= Company name
CN= testserver.domain.com
When we deploy the cert and use the subject in our configuration file is in the wrong order and fails the deployment.
the cert will show it like this when queried from windows
CN= testserver.domain.com, O= Company name, L= Company location, C= Company region
Octopus will apply the following to our config file when doing a variable replacement
C=Company region,L=Company location,O=Company name,CN=testserver.domain.com
NOTE: The order is incorrect and the space after the , is stripped out. this causes a miss-match when validating a cert
We are deploying to a Windows platform.
is there an easy way for when we get the subject name from the cert that we can reverse the order at the time of deployment?
I ran a test of this on the latest version and on 2020.6 and in both cases saw the reverse ordering in the Subject field.
Which version were you using prior to 2021.1.7500? I’m trying to pinpoint where this may have changed.
As for getting the subject name of the cert, you can do this using certificate variables. Specifically, MyCertificate.Subject or MyCertificate.SubjectCommonName.
I know how to get the variable to return the subject name. is there a way for me to reverse that value as a quick fix?
Unfortunately, I don’t know the version we had before but it was on the long-term branch from last year.
We upgraded to put in the fix for the SQL injection and then had to update again because of the page loading time issue around variables.
If I can query our system to show what versions we had in the past I am happy to get that for you
Thanks for following up. I’ll jump in here with Paul as he’s currently offline as part of our UK-based team.
I think the only option for a quick fix would be to essentially override the MyCert.Subjectexpanded property of your certificate variable that Octopus creates from the cert, to put these in the right order and add the space after the comma. Would something like this help? That’d involve creating a new project variable, named MyCert.Subject, and setting the value to the expected right value, e.g. CN= testserver.domain.com, O= Company name, L= Company location, C= Company region
I’m hoping that will prevent the mismatch at validation, but please let us know how you go!
Thanks for following up! I’m sorry I dropped the ball on this one. I raised the following bug report for you to track after reproducing this bug again in latest.
Great to hear the workaround helped, but my apologies for the inconvenience this has caused you. Please let us know if you have any questions or concerns going forward!
