Importing a certificate from the new Octopus template uses possibly wrong CSP

Hello,

I am trying to import a certificate from Octopus using the new step template, however I get the exception “Invalid algorithm specified” when I try to use the private key for signing data afterwards. After doing some research, I can see that the certificate uses “Microsoft Enhanced Cryptographic Provider v1.0”. However, if I manually import the certificate from a pfx file, it gets “Microsoft Enhanced RSA and AES Cryptographic Provider” as a CSP and everything works fine. Do you have any idea?

Best,
Boyan

Hi Boyan,

I believe this is related to an issue another customer reported yesterday.

The “Microsoft CSP” is a property that can be set on the “bag” in the PFX file.
This is not actually a property of the certificate, and as such was being lost in translation when we export the certificate from Octopus to a PFX.

We are going to remedy this ASAP, ensuring that the PFX properties are round-tripped.

We hope to have a solution for this released within the next week. I do hope this doesn’t cause too much inconvenience.

Regards,
Michael

Hi Michael,

Great! Yes, it seems to be the same issue. I will keep an eye with it :slight_smile:

Best,
Boyan

A resolution for this issue was included in release 3.11.13 of Octopus. The PFX attributes (including Microsoft CSP) should be included in the deployed PFX now.

Of course, please let me know if the behaviour still isn’t as expected for you.

Thanks, Michael. It seems to work fine :slight_smile: