I’ve been exploring the new Octopus certificates feature to handle deployment of self-signed client certificates that we use to sign JWT tokens for authorising REST requests with Salesforce.
The certificate in question has been created with OpenSSL, and exported as a PFX file via openssl’s ‘pkcs12’ command. In this case we explicitly set the CSP as well (see http://hintdesk.com/c-how-to-fix-invalid-algorithm-specified-when-signing-with-sha256/ for more).
I can store the certificate fine. If I download the certificate in the original format I get the same file back. However, if I export as PFX (which the certificate originally was) then the CSP attribute appears to have been stripped from the certificate.
I need to get the certificate into an Azure App Service web site, and implemented a custom PowerShell step to do this using the Kudu VFS API to upload files. However, the .Pfx property of the certificate variable doesn’t give me the certificate in that format with the CSP attribute intact, and there doesn’t seem to be another way to get the certificate in its original PKCS12/.pfx format.