An error occurred on the mapping CertificateResource.CertificateDataFormat = Certificate.CertificateDataFormat [attempted value was (unknown)]: Signer x not recognised. Signer x not recognised

We just upgraded to the latest version (3.12.0) and seems one of our certificate in the libary is giving the following error

An error occurred on the mapping CertificateResource.CertificateDataFormat = Certificate.CertificateDataFormat [attempted value was (unknown)]: Signer x not recognised.

System.Exception

at Octopus.Server.Web.ResourceMapping.Assign(Object source, Object target, String name, IPropertyAccessor reader, IPropertyAccessor writer, Boolean trim, Boolean toUpper, Boolean isNormalized, Boolean allowReuseExisting) in ResourceMapping.cs:line 367

at Octopus.Server.Web.ResourceMapping.ModelToResource(Object model, Object resource, Object context, Boolean detailed) in ResourceMapping.cs:line 262

at Octopus.Server.Web.ResourceMapping`3.ModelToResource(Object model, Object resource, Object context, Boolean detailed) in ResourceMapping.cs:line 97

at Octopus.Server.Web.ResourceMapper.<>c__DisplayClass15_0`1.b__0(ResourceMapping mapping) in ResourceMapper.cs:line 965

at Octopus.Server.Web.ResourceMapper.ConvertTo[TResource](Object model, ResourceMapperMode mode) in ResourceMapper.cs:line 966

at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

at System.Collections.Generic.List1..ctor(IEnumerable1 collection)

at System.Linq.Enumerable.ToList[TSource](IEnumerable`1 source)

at Octopus.Core.Resources.ResourceCollection1..ctor(IEnumerable1 items, LinkCollection links) in ResourceCollection.cs:line 15

at Octopus.Server.Web.Infrastructure.Api.Responder`1.Collection[TResource](IList resources, Int32 itemsPerPage, Int32 totalResults, LinkCollection links) in Responder.cs:line 130

at Octopus.Server.Web.Api.Actions.Certificates.CertificatesListResponder.Execute() in CertificatesListResponder.cs:line 87

at Octopus.Server.Web.Infrastructure.Api.Responder`1.Respond(TDescriptor options, NancyContext context) in Responder.cs:line 145

at System.Dynamic.UpdateDelegates.UpdateAndExecute3[T0,T1,T2,TRet](CallSite site, T0 arg0, T1 arg1, T2 arg2)

at CallSite.Target(Closure , CallSite , Object , Object , NancyContext )

at Octopus.Server.Web.Api.OctopusRestApiModule.<>c__DisplayClass0_0.<.ctor>b__0(Object o) in OctopusRestApiModule.cs:line 46

at CallSite.Target(Closure , CallSite , Func`2 , Object )

at Nancy.Routing.Route.<>c__DisplayClass4.b__3(Object parameters, CancellationToken context)

–Inner Exception–

Signer 1.3.14.3.2.29 not recognised.

Org.BouncyCastle.Security.SecurityUtilityException

at Org.BouncyCastle.Security.SignerUtilities.GetSigner(String algorithm)

at Org.BouncyCastle.Crypto.Operators.Asn1VerifierFactory.CreateCalculator()

at Org.BouncyCastle.X509.X509Certificate.CheckSignature(IVerifierFactory verifier)

at Org.BouncyCastle.Pkcs.Pkcs12Store.GetCertificateChain(String alias)

at Octopus.Core.Certificates.CertificateParser.ReadPfx(Byte[] rawCert, String password) in CertificateParser.cs:line 65

at Octopus.Core.Certificates.CertificateParser.ParseCertificate(Byte[] rawCert, String password) in CertificateParser.cs:line 29

at System.Lazy`1.CreateValue()

at System.Lazy`1.LazyInitValue()

at Octopus.Core.Model.Certificate.get_CertificateDataFormat() in Certificate.cs:line 44

at Octopus.Server.Web.ResourceMapping.PropertyAccessor`2.Get(Object source) in ResourceMapping.cs:line 442

at Octopus.Server.Web.ResourceMapping.Assign(Object source, Object target, String name, IPropertyAccessor reader, IPropertyAccessor writer, Boolean trim, Boolean toUpper, Boolean isNormalized, Boolean allowReuseExisting) in ResourceMapping.cs:line 319

Hi Marcel,

In version 3.12.0 of Octopus we introduced support for certificate-chains (as you probably know). As part of that implementation, if your uploaded PFX file contains a chain, we attempt to parse the chain of certificates. We use the BouncyCastle library to do this. Unfortunately it doesn’t recognize the algorithm identifier used to sign your certificate.

I’m assuming the algorithm used is 1.3.14.3.2.29 - SHA1 with RSA signature. It seems this is used by default by Microsoft’s makecert.exe utility.

You are not the only customer to report this. I have created an issue for it.

We are working right now on getting a build out that will resolve this. We’ll keep you updated.

We’re sincerely sorry for the inconvenience.

Regards,
Michael

Marcel,

A resolution for this issue was shipped in Octopus 3.12.2.