Trouble with the Import Certificate to Windows Certificate Store step template

We have experienced what seems to be the exact same symptoms as described in this earlier thread (which is now locked, otherwise I would have written there):
https://help.octopus.com/t/trouble-with-the-import-certificate-to-windows-certificate-store-step-template/22258

For us Octopus would also report the certificate being installed, but when we inspected the machines where it was to be installed it was not there.

One thing to notice is that after we installed the certificate manually, Octopus still also installed the certificate - resulting in the same certificate being there twice on one server (but only once on the other). On subsequent deploys it then reported that the certificate was already installed. We then tried removing the certificate, and then Octopus could successfully deploy it.

Our hypothesis is that Octopus cannot deploy a certificate into a certificate folder that has not yet been used - maybe due to missing “Certificates” folder (when looking at the “Personal” certificates folder, it has a “Certificates” subfolder where the certificates are located, but the “Certificates” folder is not there if no certificates were ever imported to the “Personal” folder).

Hi Mortl,

My apologies for the late reply. I’ll need you to provide some more details of your Octopus Step. Could you please let me know:

Store Location (and Custom User value if you've chosen "Custom User")
Store Name

One culprit that I have seen, and that has caused issues in the past, is with regard to setting the user to “CurrentUser”. “CurrentUser” evaluates to “LocalSystem” when run as an Octopus step. This makes it difficult to find the certificate. If this is what was initially set, the certificate should be visible here: HKEY_USERS/S-15-18/Software/Microsoft/SystemCertificates/Personal/Certificates

If the above doesn’t apply to you, could you please do the following:
Set a variable within your project

Name: OctopusPrintEvaluatedVariables
Value: True

After you run the step again, please send through a copy of the raw logs. You can get this by clicking on “Task Logs” -> “Raw”.

Looking forward to hearing how you get on.

Regards,

Dane.
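
The reply above notes that “CurrentUser” resolves to whichever account runs the step, which is why an import can be reported as successful yet not appear where an administrator looks. The following is an added example, not part of the original posts or of the Octopus step template: a check to run under the same account as the deployment step. The function name `Find-CertificateCopies` is hypothetical and the thumbprint is a constructed placeholder.

```powershell
# Added example (not from the thread). Run it under the same account the
# deployment step uses, e.g. as a script step on the target machine.
# Find-CertificateCopies is a hypothetical helper name.
function Find-CertificateCopies {
    param([Parameter(Mandatory)][string]$Thumbprint)

    # Normalise: strip spaces and invisible characters often pasted along with a thumbprint.
    $tp = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

    # "CurrentUser" means whoever this process runs as, so report that first.
    $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    Write-Host "Running as $($id.Name) (SID $($id.User.Value)), IsSystem=$($id.IsSystem)"

    # Check the Personal ("My") store in both locations visible to this account.
    foreach ($location in 'LocalMachine', 'CurrentUser') {
        $store = [System.Security.Cryptography.X509Certificates.X509Store]::new('My', $location)
        try {
            $store.Open('ReadOnly')
            foreach ($cert in $store.Certificates) {
                if ($cert.Thumbprint -eq $tp) {
                    [pscustomobject]@{
                        Store         = "$location\My"
                        Account       = $id.Name
                        Subject       = $cert.Subject
                        NotAfter      = $cert.NotAfter
                        HasPrivateKey = $cert.HasPrivateKey
                    }
                }
            }
        }
        finally { $store.Close() }
    }
}

# Constructed placeholder thumbprint; replace with the deployed certificate's value.
$copies = @(Find-CertificateCopies -Thumbprint '0000000000000000000000000000000000000000')
if ($copies.Count -eq 0) {
    Write-Host 'Not found in LocalMachine\My or CurrentUser\My for this account.'
}
else {
    $copies | Format-Table -AutoSize
}
```

More than one row in the output means the certificate exists in both store locations for that account, which is one way the same certificate can appear to be installed twice.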

Hi Dane

We used the “My” (Personal) store. The user was set to “Custom user”, a specific domain user (I’m not sure I’m allowed to disclose the user name).

Since we had to move along we’ve used manual workarounds, so I currently don’t have a setup where I can reproduce the problem. And unfortunately I currently don’t have the time to set one up.

Kind regards,
Morten

Thank you for letting me know Morten,

As soon as you have the time to reproduce, I would be happy to go through your RAW log files so we can get to the bottom of it.

Happy deploying.

Dane.
