I have successfully configured and completed the request and generation of a certificate, but in Tasks where I want the certificate deployed to a file share, credentials that work for one task on a remote file share don’t work in a similar task. For example, in Deploy to Generic Server, we have a Windows Credential stored that deploys the .pem files to a file share, like \\server\certs. The same credentials are used to deploy to a CCS, which is on the same server, but the share is ccs, so \\server\ccs. Both of those steps succeed, but if we add an Export Certificate step, again using the same credentials, and even in the exact same file share, \\server\certs, the app throws an access denied error. Now, how can that be true? It’s the same credentials and the same file share for Deploy to Generic Server, yet to export the .pfx file, we get access denied errors. That doesn’t make sense to us, and this is the critical step b/c once that .pfx is exported, scripts are run to deploy it via group policy, etc.
And we also cannot get the Azure Key Vault deployment step to work at all, even though we have it set up correctly (we are an Azure consulting business, so I hope we know how to set up something this simple). In the error message, it says {"error":{"code":"BadParameter","message":"The specified PKCS#12 X.509 certificate content can not be read. Please check if certificate is in valid PKCS#12 format."}}
Once again we are very confused b/c in a prior step, the .pfx is generated correctly and stored in the CCS store for all of our websites (and this is done correctly), so why is it not available to export to Azure? We have tested the Azure configuration numerous times, and it works, so for whatever reason, the .pfx file isn’t exported to Azure correctly, even though it exists.
We had high hopes for this tool, but it is very difficult to use, things aren’t named consistently, and finding settings is very hard. But the two main things we need, exporting of the .pfx file both to a file share, and to Azure, aren’t working correctly. Exporting to CCS, or local cert store, they work just fine.
Also, why does the tool ask for a server name if you are using Windows Network credentials? The server name is in the \\servername.