I have a pfx file I would like to load as a certificate to deploy to our Kubernetes clusters as a TLS secret. I apparently cannot import a certificate with an intermediate chain, and the private key. The key exists for the leaf cert, but obviously not for the chain certs. I don’t have control over the ordering of the bags, as this cert was sent from the CA as-is. The first cert in the pfx is not the leaf cert, so the import looks for the intermediate private key and fails.
Installing the bare cert, without the intermediate, will not work, as the final location on the k8s cluster will need the full certificate chain, not just the leaf cert.
Error from octopus.server.exe:
Importing the certificate stored in PFX file in C:\Users*.pfx using the provided password…
PFX file C:\Users*.pfx contains multiple certificates, taking the first one.
The X509 certificate CN=xxxxxxxx, O=xxxxx, C=US was loaded but the private key was not loaded.
Furthermore, the private key file could not be located: Unable to obtain private key file name
Unable to load X509 Certificate file. The X509 certificate file you provided does not include the private key. Please make sure the private key is included in your X509 certificate file and try again.
System.Security.Cryptography.CryptographicException
at Octopus.Shared.Security.Certificates.CertificateEncoder.FromPfxFile(String pfxFilePath, String password)
at Octopus.Server.Commands.ImportCertificateCommand.Start()
at Octopus.Shared.Startup.AbstractCommand.Start(String[] commandLineArguments, ICommandRuntime commandRuntime, OptionSet commonOptions)
at Octopus.Shared.Startup.ConsoleHost.Run(Action`1 start, Action shutdown)
at Octopus.Shared.Startup.OctopusProgram.RunHost(ICommandHost host)
at Octopus.Shared.Startup.OctopusProgram.Run()
Terminating process with exit code 100
Full error details are available in the log files at:
C:\Users\AppData\Local\Octopus\Logs
D:\Octopus\Logs
If you need help, please send these log files to https://octopus.com/support
May be related to https://github.com/OctopusDeploy/Issues/issues/3212
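
A read-only check for the situation described in the post, as an added example that is not part of the original post and not Octopus code: it lists the entries of a PFX in the order .NET's `X509Certificate2Collection` enumerates them and warns when entry 0 is not the one carrying the private key. `Get-PfxEntryReport` and `.\example.pfx` are hypothetical names, and that the Octopus importer sees the same order is an assumption; `EphemeralKeySet` needs .NET Framework 4.7.2 or later.

```powershell
# Added example (not Octopus code). Get-PfxEntryReport and .\example.pfx are hypothetical.
function Get-PfxEntryReport {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [securestring] $Password
    )
    # EphemeralKeySet keeps the private key in memory only, so inspecting the file
    # does not leave a copy of the key in the user's key store.
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::EphemeralKeySet
    $plain = [System.Net.NetworkCredential]::new('', $Password).Password
    $certs = [System.Security.Cryptography.X509Certificates.X509Certificate2Collection]::new()
    try {
        $certs.Import((Resolve-Path -LiteralPath $Path).ProviderPath, $plain, $flags)
        for ($i = 0; $i -lt $certs.Count; $i++) {
            $c  = $certs[$i]
            # Basic Constraints tells CA certificates (intermediates, roots) from the leaf.
            $bc = $c.Extensions | Where-Object {
                $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
            }
            [pscustomobject]@{
                Index         = $i
                Subject       = $c.Subject
                Issuer        = $c.Issuer
                IsCA          = [bool]($bc -and $bc.CertificateAuthority)
                HasPrivateKey = $c.HasPrivateKey
                NotAfter      = $c.NotAfter
            }
        }
    }
    finally {
        foreach ($c in $certs) { $c.Reset() }   # release certificate and key handles
    }
}

$pw     = Read-Host 'PFX password' -AsSecureString
$report = @(Get-PfxEntryReport -Path '.\example.pfx' -Password $pw)
$report | Format-Table -AutoSize

$keyed = @($report | Where-Object HasPrivateKey)
if ($keyed.Count -ne 1) {
    Write-Warning "Expected exactly one entry with a private key, found $($keyed.Count)."
} elseif ($keyed[0].Index -ne 0) {
    Write-Warning "Entry 0 ($($report[0].Subject)) has no private key; the key belongs to entry $($keyed[0].Index)."
} elseif ($keyed[0].IsCA) {
    Write-Warning "The private key is attached to a CA certificate, not a leaf."
}
```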