Hello. I am trying to export the certificate using the Tasks Type: Export Certificate. The Task Parameters I am using is:
Authentication: Local (as current service user)
Destination File Path: c:\test.pfx
When I try to run the task, I get this error message:
The deployment task failed to complete. Export Certificate :: Export - the credentials for this task could not be unlocked or were not accessible 93ff…
I tried changing the authentication to Local (as specific user) but that didn’t work either and still throws the same error.
I also tried uninstalling and reinstalling the Certify app, because I thought maybe there was a problem connecting to the locally stored credentials but that didn’t help either.
Please let me know what else I can try to resolve this. Thank you!
I don’t recommend writing to C:\ and would suggest a subfolder such as C:\Certificates as C:\ can have special restrictions depedning on other OS settings.
For stored credentials (which you won’t usually need to write to the local disk, the service is running as local system) when you create them they are encrypted using the current user account. It’s important that you don’t try to run the Certify service as another alternative user as updates will reset the user back to local system and it will be unable to decrypt the stored credentials. You can fix a broken stored credential by replacing it under Settings > Stored Credentials (choose Replace).
Thank you for the quick reply. There is no “local (current service user)” credential under Settings > Stored Credentials. The only thing there is my Authorization Credential to call the DNS API. That wouldn’t be used for the Task though, since the Task is only to Export the Certificate. Which at this point has already been pulled down (and I do have it Deployed to Certificate Store Only).
I changed the Destination File Path so it is longer in C:\ root. The new path (really for testing this now) is C:\Certificates\test.pfx
There are no additional or alternative user accounts (there is only 1 account on the machine running the app), so the Local account should be correct.
I still cannot get this to work. The same error is showing " the credentials for this task could not be unlocked or were not accessible "…what does this really mean and is there anything else you suggest I can try?
Thank you very much!
RESOLVED!
Can’t believe I overlooked this, but it is now resolved. For some reason when I upgraded to 6.0.18.0, the PFX password was missing. What I did was this:
-
Under Certificate > Signing and Security. Go to the Security section and make sure you specify a password for PFX file that is generated by the Task. (Again for some reason this was configured before and was missing).
-
Create a New Credential (credential type “Password”) and set a password in this screen.
Now the task runs perfectly, the PFX is exported to the Destination Folder and everything is worked as expected.
Hope this explanation works for anyone else who might get the error message I was getting. Have a nice day (and thanks again webprofusion for your earlier reply).
1 Like
Ah thanks, yes it occurred to me reading your previous reply that the PFX may have had a password set that couldn’t be decrypted (or wasn’t yet applicable).
Also If you set a PFX password but don’t yet click Request Certificate (to generate a new PFX) then the existing PFX won’t really have a password yet, but the deployment task doesn’t know that.
