Exception adding Azure Management certificate


Running Octopus Deploy

I was setting up a Microsoft Azure account and providing my own management certificate as a PFX. I received the following exception:

System.ArgumentNullException: Value cannot be null.
Parameter name: certificate
   at System.Security.Cryptography.X509Certificates.X509Store.Add(X509Certificate2 certificate)
   at Octopus.Shared.Security.Certificates.CertificateEncoder.DoFromBase64String(String thumbprint, String certificateString, X509Store store) in y:\work\refs\heads\master\source\Octopus.Shared\Security\Certificates\CertificateEncoder.cs:line 67
   at Octopus.Server.Web.Api.Rules.AzureCertificateThumbprintWillBeSet.AfterMapBeforeStore(AzureAccount model, AzureSubscriptionAccountResource resource, ISpecialRuleContext context) in y:\work\refs\heads\master\source\Octopus.Server\Web\Api\Rules\AzureCertificateThumbprintWillBeSet.cs:line 18
   at Octopus.Server.Web.Infrastructure.Api.Responder`1.ExecuteRules[TRule](Action`2 ruleCallback) in y:\work\refs\heads\master\source\Octopus.Server\Web\Infrastructure\Api\Responder.cs:line 188
   at Octopus.Server.Web.Infrastructure.Api.CreateResponseDescriptor`2.Responder.Execute() in y:\work\refs\heads\master\source\Octopus.Server\Web\Infrastructure\Api\CreateResponseDescriptor.cs:line 52
   at Octopus.Server.Web.Infrastructure.Api.Responder`1.Respond(TDescriptor options, NancyContext context) in y:\work\refs\heads\master\source\Octopus.Server\Web\Infrastructure\Api\Responder.cs:line 162
   at System.Dynamic.UpdateDelegates.UpdateAndExecute3[T0,T1,T2,TRet](CallSite site, T0 arg0, T1 arg1, T2 arg2)
   at CallSite.Target(Closure , CallSite , Object , Object , NancyContext )
   at Octopus.Server.Web.Api.OctopusRestApiModule.<>c__DisplayClass5.<.ctor>b__2(Object o) in y:\work\refs\heads\master\source\Octopus.Server\Web\Api\OctopusRestApiModule.cs:line 46
   at CallSite.Target(Closure , CallSite , Func`2 , Object )
   at Nancy.Routing.Route.<>c__DisplayClass4.<Wrap>b__3(Object parameters, CancellationToken context)

I couldn’t find any information about this error, though I managed to determine that it occurs if the private key is password protected. Recreating the PFX without a password worked fine.

Thought I’d share in case anyone else has the same problem.


Hi Adam

Thanks for getting in touch!

Sorry about this one, looks like a bug so thanks for your investigation and stack trace.

I’ve added a GitHub issue for it https://github.com/OctopusDeploy/Issues/issues/1793 so we can get it sorted in a future build.

Kind regards


Hi Adam,
Thanks for bringing this one up. As we encrypt all the keys and sensitive files within Octopus Deploy, we don’t really have a need for another layer of security around the provided .pfx file.
For this reason at the moment we only accept password free pfx files which ill make sure is made clear on the page.
Ill be also updating the documentation around this account type to make this clear as well as provide a script to strip the file of its password prior to uploading.
Thanks again.