Is it possible to create a Self-Signed Certificate using a specific key algorithm?

I’m using the Octopus Certificates feature to store certificates that are used in signing SAML2 xml messages. If I create a self-signed certificate via the Add Certificate feature, it creates a new certificate that uses a certificate key algorithm that is not supported by .NET (without refactoring).

It looks like the self-signed certificates created by Octopus use ECD as a key algorithm, which causes an exception in .NET code that looks something like:

    var certs = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
    var cert = certs[0];

    // Exception here when accessing cert.PublicKey.Key: "The certificate key algorithm is not supported."
    Console.WriteLine($"Pub Key Algorithm: {cert.PublicKey.Key.SignatureAlgorithm}");

Is it possible to generate Self-Signed certificates using another key Algorithm that is supported by .NET?

Note: I appreciate it may well be possible to re-factor the C# code to use cert.GetECDsaPrivateKey(), but the code is in a library that is out of my control :frowning:

Hi @rik.crompton,

Thanks for getting in touch!

Unfortunately, the Add Certificate option is fairly basic without the ability to make these kinds of changes.
You could raise this as a change request on our uservoice (https://octopusdeploy.uservoice.com).

Other than re-factoring the code, the other option would be to create the self-signed certificate outside of Octopus with the correct key algorithm and then add it to the Octopus Certificate library, either via the UI or programmatically using Octopus.Client (CreateCertificate.cs in the OctopusDeploy/OctopusDeploy-Api repository on GitHub) or the REST API (CreateCertificate.ps1 in the same repository).

Regards,
Paul
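
One way to create the certificate outside Octopus as suggested above, as an added example that is not part of the original thread or Octopus's own code: it generates a self-signed certificate with an RSA key (assumed here to be an algorithm the consuming library accepts), checks the key algorithm OID, and writes a PFX ready for upload. The subject name, file name and password are constructed placeholders; `CertificateRequest` needs .NET Framework 4.7.2 or .NET Core 2.0 and later.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class RsaSelfSignedCert
{
    // OID for rsaEncryption; an ECC key would report 1.2.840.10045.2.1 instead.
    const string RsaOid = "1.2.840.113549.1.1.1";

    static void Main()
    {
        // Constructed sample values (assumptions, replace with your own).
        const string subject = "CN=saml-signing.example.test";
        const string pfxPath = "saml-signing.pfx";
        const string pfxPassword = "change-me";

        using (RSA rsa = RSA.Create(2048))
        {
            // SHA-256 with PKCS#1 v1.5 padding signs the certificate itself.
            var request = new CertificateRequest(
                subject, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

            // Restrict the certificate to signing, which is all SAML message signing needs.
            request.CertificateExtensions.Add(
                new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, critical: true));

            DateTimeOffset now = DateTimeOffset.UtcNow;
            using (X509Certificate2 cert =
                   request.CreateSelfSigned(now.AddMinutes(-5), now.AddYears(1)))
            {
                // Verify the key algorithm before uploading, without touching
                // the PublicKey.Key accessor that throws in the question.
                string keyOid = cert.GetKeyAlgorithm();
                if (keyOid != RsaOid)
                    throw new InvalidOperationException($"Unexpected key algorithm OID {keyOid}");

                // The PFX carries the private key, so protect the file and password.
                File.WriteAllBytes(pfxPath, cert.Export(X509ContentType.Pfx, pfxPassword));

                Console.WriteLine($"Thumbprint:    {cert.Thumbprint}");
                Console.WriteLine($"Key algorithm: {cert.PublicKey.Oid.FriendlyName} ({keyOid})");
                Console.WriteLine($"Signature:     {cert.SignatureAlgorithm.FriendlyName}");
            }
        }
    }
}
```

The same `GetKeyAlgorithm()` check can be run against a certificate loaded from a store by thumbprint to confirm what a library will encounter before it reads the key.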

Thanks for the swift reply @paul.calvert
I’ll generate the certificate and upload manually for now. :slight_smile:
