Octopus Invalid Cert - Cannot Archive to Delete

unknown
usability
server
(Alex) #1

Hi Support,

We recently upgraded our Octopus Test server from v2019.3.5 to v2019.3.8 to resolve the certificate index search issue, which it did. See: https://github.com/OctopusDeploy/Issues/issues/5575

But we still cannot archive invalid certs in order to delete them.

I was able to delete invalid certs that had already been archived.

Is there anything we can try on our end within this LTS release? Or was this added to another release?

Thanks,
Alex

(Tina) #3

Hi Alex,
Thanks for getting in touch. Sorry to hear you’re still unable to archive invalid certificates.

The indexing search issue and the inability to archive certificates are most likely not related. Can you send me the error or behavior you see once you click “OK”?

Looking forward to getting to the bottom of this issue.

(Alex) #4

Hi Tina,

So when I click OK, it’s just unresponsive. It doesn’t throw an error.

I captured a screen with the network status.

(Tina) #5

Hi Alex,
Thanks for the follow-up.

You may be indirectly affected by this issue, https://github.com/OctopusDeploy/Issues/issues/5955, resolved in version v2019.10.5. Although this issue is likely unrelated to you’re inability to archive certs, the workaround (see below) may get you passed the “Invalid Certificate” error and possibly allow you to delete the cert.

“Alternatively, you can force Bouncy Castle to ignore the validation by adding an Org.BouncyCastle.Asn1.AllowUnsafeInteger environment variable, which must be made available to the process running the Octopus Deploy Server service.”

Give this a try and let me know how it goes.

Thank you,

Tina

(Alex) #6

Thank you Tina. I will check with my colleague and try this on our Octopus Test server.

–Alex