Solved: There was an error importing the certificate into the store: Certificate does not have a private-key

We’re using Octopus 3.11.4 and using the new import certificate step to import a certificate into the Windows store that is being imported in Octopus. This certificate doesn’t have a private key and is exported in an existing environment as a DER encoded CER file.
In the import certificate we don’t have the option enabled to mark the certificate as exportable. When I try to run the deployment I receive the following error:

The CER file imports manually without any problems.

11:25:55 Error | There was an error importing the certificate into the store
11:25:55 Error | Certificate does not have a private-key
11:25:55 Error | System.Exception
11:25:55 Error | at Calamari.Integration.Certificates.WindowsX509CertificateStore.SetPrivateKeySecurity(String thumbprint, StoreLocation storeLocation, String storeName, ICollection`1 privateKeyAccessRules) in Z:\buildAgent\workDir\14ffc968155e4956\source\Calamari\Integration\Certificates\WindowsX509CertificateStore.cs:line 77
11:25:55 Error | at Calamari.Commands.ImportCertificateCommand.ImportCertificate(CalamariVariableDictionary variables) in Z:\buildAgent\workDir\14ffc968155e4956\source\Calamari\Commands\ImportCertificateCommand.cs:line 85
11:25:55 Error | at Calamari.Commands.ImportCertificateCommand.Execute(String[] commandLineArguments) in Z:\buildAgent\workDir\14ffc968155e4956\source\Calamari\Commands\ImportCertificateCommand.cs:line 38
11:25:55 Error | at Calamari.Program.Execute(String[] args) in Z:\buildAgent\workDir\14ffc968155e4956\source\Calamari\Program.cs:line 45
11:25:55 Fatal | The remote script failed with exit code 100
11:25:55 Verbose | at Octopus.Worker.Scripting.ScriptResult.EnsureSuccessful() in Z:\buildAgent\workDir\eec88466c176b607\source\Octopus.Worker\Scripting\ScriptResult.cs:line 81
| at Octopus.Server.Orchestration.Deploy.Guidance.Execute(Action callback) in Z:\buildAgent\workDir\eec88466c176b607\source\Octopus.Server\Orchestration\Deploy\Guidance.cs:line 61
| at Octopus.Server.Orchestration.Deploy.DeploymentTaskController.ExecuteWithTransientErrorDetection(Action action, Machine machine) in Z:\buildAgent\workDir\eec88466c176b607\source\Octopus.Server\Orchestration\Deploy\DeploymentTaskController.cs:line 424
| at Octopus.Server.Orchestration.Deploy.DeploymentTaskController.ExecuteActionAndInitLoggingContext(PlannedStep step, Machine machine, PlannedAction action) in Z:\buildAgent\workDir\eec88466c176b607\source\Octopus.Server\Orchestration\Deploy\DeploymentTaskController.cs:line 322


Problem solved, I had an access rule for the private key. When I removed this the deployment was successful.

Hi Marcel,

I’m glad to hear you have it working now.

We apologize, that wasn’t the best experience. I have created an issue to improve this, which we will implement as soon as possible.

Thanks for the feedback. Please don’t hesitate to tell us if there’s anything else we can do to improve this feature.
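
Added example, not part of the original thread and not Octopus or Calamari code: a PowerShell pre-flight check for the cause described above, where a private-key access rule was configured for a certificate that has no private key. The function name, its parameters and the sample file and account names are hypothetical.

```powershell
# Added example: pre-flight check to run before a certificate import step.
# Function name, parameters and sample values are hypothetical.
function Test-CertificateImportPlan {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,   # .cer or .pfx file
        [string]   $Password = '',                       # PFX password, if any
        [string[]] $PrivateKeyAccess = @()               # accounts that should get key access
    )

    $fullPath = (Resolve-Path -LiteralPath $Path).ProviderPath
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
        -ArgumentList $fullPath, $Password
    try {
        $plan = [pscustomobject]@{
            Thumbprint       = $cert.Thumbprint
            Subject          = $cert.Subject
            HasPrivateKey    = $cert.HasPrivateKey
            PrivateKeyAccess = $PrivateKeyAccess
        }
    }
    finally {
        $cert.Reset()   # release the certificate handle
    }

    # A DER/PEM .cer file carries only the public certificate, so there is
    # no key object to attach an access rule to.
    if (-not $plan.HasPrivateKey -and $PrivateKeyAccess.Count -gt 0) {
        $msg = "Certificate {0} ({1}) has no private key, but access rules are configured for: {2}. " +
               "Remove the rules or import a PFX that contains the key."
        throw ($msg -f $plan.Thumbprint, $plan.Subject, ($PrivateKeyAccess -join ', '))
    }
    return $plan
}

# Constructed usage:
#   Test-CertificateImportPlan -Path .\public-only.cer
#       returns the plan with HasPrivateKey = False
#   Test-CertificateImportPlan -Path .\public-only.cer -PrivateKeyAccess 'CONTOSO\svc-web'
#       throws, naming the certificate and the offending rule
```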