Deploy to Service Fabric Client Certificate Issue



We are attempting a deploy to a dev environment which is a secure sf cluster, but are having issues with not being able to set the client certificate.

When setting up a SF Deploy step, we can enter in the server certificate thumbprint but the client certificates require you to select a variable.
Initially none were showing; after clicking + we added a variable called ‘DevCertThumbprint’ and set its value to ‘C975E0FE907C4847195C270B749…’ and its type to ‘Certificate’.
Going back to the deploy step and clicking refresh will show the new variable ‘DevCertThumbprint’. Saving and creating a release will pick up this variable in the snapshot.

Now when clicking ‘Deploy to Dev’ an error appears: ‘Could not find certificate with ID ‘870db0ca-35e5-b5dd-cd1d-d39…’, which is the value of variable ‘DevCertThumbprint’’. This is a GUID and not the certificate value I entered into the variable.

I have made sure the certificate is installed on the machine, under both CurrentUser\My and CurrentUser\TrustedUsers and \LocalMachine\My.


Found out that under ‘Library’ there is an option to upload the certificate; doing this caused the certificate to be ‘found’. It would be good to get a more explanatory exception message, because the error was showing a value which is not what I set, which made me very confused about what I needed to fix. A message that included the actual value and asked ‘are you sure you added it to /Library/Certificates?’ would be better!

(Jayden Platell) #3

Hi Joshua,

Which version of Octopus are you currently using? In version 4.1.2 we improved the experience so that changing the variable type to Certificate asks you to select an installed certificate before you can save the value. You can see the issue in GitHub here.

If you are already using that version or a later one, I’d be interested in seeing if I can reproduce your experience. Let me know either way!



I can see from the menu in the web UI that it shows “Octopus v2018.3.1”. Also, when deploying using the TeamCity plugin, the push command shows this information:

Octopus Deploy Command Line Tool, version 4.31.1
Octopus version: 2018.3.1; API version: 3.0.0

So I cannot directly see the version 4.1.2 mentioned anywhere in the web UI, only in the octo deploy version, but I believe it’s a newer version as we only just recently installed it.

(Jayden Platell) #5


Thank you for that information. I investigated the issue further, and it does appear that it is still possible to set a value for the certificate variable which isn’t actually an installed certificate. My understanding is that this shouldn’t be the case, so I am checking with some of the other developers here to confirm what the behaviour should be, and I’ll get back to you soon with my findings.


(Jayden Platell) #6


I’ve confirmed that the behaviour you observed is not intended and the certificate dialog should not accept an invalid value for a certificate. I’ve created a GitHub issue to track this bug which you can view here and I’ll get started working on a fix. Thank you for bringing it to our attention!