SOLVED

Certificate error

I am trying to follow the PnP Partner Pack setup process. After closely following instructions and three attempts, I get the oops exception value: null parameter:certificate when loading the PnP site. All of the bits were downloaded from GitHub last week. I think this is a common issue but I can't find any related posts here. Any ideas what to check? Should I wait for the upcoming 2.0 launch?
Bob

Did you add the certificate to your Azure web app as described here: https://github.com/OfficeDev/PnP-Partner-Pack/blob/master/Documentation/Manual-Setup-Guide.md#app-on...?

Yes, I completed the steps to create the X.509 self-signed certificate and uploaded it to my web app, as per the instructions. I also added the "WEBSITE_LOAD_CERTIFICATES" with value of "*" to the App Settings area. I used the latest PnP-PowerShell from GitHub to create the cert, extract the Key information, paste into the manifest and upload back into the Azure AD App configuration.

Other details:

- Added the "/" at the end of the reply to address in the Azure AD app configuration.

- For the Azure AD app, added the app permissions for SPO and delegate permissions for Microsoft Graph (read and write access to User Profiles). FYI I missed this on the first attempt.

- When generating the secret for the Azure AD app, I specified two years instead of one.

- Creation of Infrastructural Site, provisioning of Infrastructural site, and web.config customization were completed successfully using the PowerShell scripts.

I was following the video, which obfuscates some of the PowerShell text when creating the cert. Here is what I used to create the cert, perhaps that's an issue.

.\Create-SelfSignedCertificate.ps1 -CommonName "mysiteprovisioning" -StartDate 06/09/2016 -EndDate 06/09/2018 -Password(ConvertTo-SecureString "xxxxxx" -AsPlainText -Force)

 

I did make three attempts. Each time I deleted the Azure AD app, the web app, and the infrastructural site collection in my tenant. I was careful to isolate certs, Client IDs, etc. between each attempt. Each time I landed on this error on page load:

Oops! Exception occurred!

Value cannot be null. Parameter name: certificate

at Microsoft.IdentityModel.Clients.ActiveDirectory.ClientAssertionCertificate..ctor(String clientId, X509Certificate2 certificate)
at OfficeDevPnP.Core.AuthenticationManager.GetAzureADAppOnlyAuthenticatedContext(String siteUrl, String clientId, String tenant, X509Certificate2 certificate)
at OfficeDevPnP.PartnerPack.Infrastructure.PnPPartnerPackContextProvider.GetAppOnlyClientContext(String siteUrl)
at OfficeDevPnP.PartnerPack.SiteProvisioning.Controllers.HomeController.Index()
at lambda_method(Closure , ControllerBase , Object[] )
at System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters)
at System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters)
at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<BeginInvokeSynchronousActionMethod>b__39(IAsyncResult asyncResult, ActionInvocation innerInvokeState)
at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`2.CallEndDelegate(IAsyncResult asyncResult)
at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.End()
at System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3d()
at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<>c__DisplayClass46.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3f()
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass33.<BeginInvokeActionMethodWithFilters>b__32(IAsyncResult asyncResult)
at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`1.CallEndDelegate(IAsyncResult asyncResult)
at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.End()
at System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass21.<>c__DisplayClass2b.<BeginInvokeAction>b__1c()
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass21.<BeginInvokeAction>b__1e(IAsyncResult asyncResult)

© Office 365 Developers Patterns & Practices - PnP Partner Pack version: 1.1 (February 2016)

 

Bob

One last thing to double-check is how you've published the web app...from the guide: "When you publish the web application, remember to *uncheck* the option "Enable Organizational Authentication". If you leave this selected you might face authentication issues when running the pnp-partner-pack"

I've specifically added that to the docs as I was having similar issues like you're seeing when I deployed the partner pack.

I think the tooling has changed since the PnP Partner Pack setup manual and video were released.

 

I'm using VS Professional 2015 Update 3. When I publish for the first time, there is no option to turn off "Enable Organization Authentication" in the publish wizard. If I publish again, it does appear, and is checked off. I uncheck and publish again, but it does not resolve the issue. Also I note that additional apps are registering against the Azure AD in my tenant. These apps start with prefix WebApp- and cannot be deleted from the management portal.

If it's a tooling issue, others must be encountering the same. Can anyone repro this issue?

best response confirmed by Bob Troppmann (Copper Contributor)
Solution

I was able to resolve my issue.

These are the steps that were different in my successful attempt:

1) When creating the self-signed cert, I passed the date parameters in MM/DD/YYYY format, and added the -String.

Previously I was passing the date as DD/MM/YYYY. The snippet I ran was as follows:

.\Create-SelfSignedCertificate.ps1 -CommonName "cwl-partner-pack" -StartDate 09/11/2016 -EndDate 09/11/2018 -Password(ConvertTo-SecureString -String "foo" -AsPlainText -Force)

2) My VS2015 was signed in under my Microsoft account registered with MSDN, which is not the subscription I was working with. To make sure I was targeting the right subscription, I signed out of Visual Studio (top right) and in the Cloud Explorer I connected to the target subscription.

3) This is the one I think that was the fix. When I ran the publish dialog, I imported the publishing profile, but instead of publishing I clicked on "Close" (next to publish). Then I ran the publish dialog again, and this time the "Enable Organizational Authentication" option appeared, and was checked off. I unchecked it, then published with successful outcome.

Bob

Glad you got it to work and thanks for sharing your findings with the rest of the community.
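
The null `certificate` in the stack trace above means the app found no usable certificate at runtime. As an added example (not part of the thread or of the PnP Partner Pack), the PowerShell below checks the certificate store from the web app's Kudu console. It assumes the app selects its certificate by thumbprint and that App Service exposes certificates chosen through WEBSITE_LOAD_CERTIFICATES in `Cert:\CurrentUser\My`; the function name and the placeholder thumbprint are hypothetical.

```powershell
# Added diagnostic sketch, not the project's own code.
# Assumption: run in the web app's Kudu PowerShell console, where certificates
# selected by WEBSITE_LOAD_CERTIFICATES appear in Cert:\CurrentUser\My.
function Test-AppOnlyCertificate {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,   # thumbprint the app is configured with
        [string] $StorePath = 'Cert:\CurrentUser\My'
    )
    # Thumbprints pasted from a certificate dialog often carry spaces or an
    # invisible leading character; keep hex digits only before comparing.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $cert = Get-ChildItem -Path $StorePath |
        Where-Object { $_.Thumbprint -eq $clean } |
        Select-Object -First 1

    $now = Get-Date
    $problems = @()
    if (-not $cert) {
        $problems += "No certificate with thumbprint $clean in $StorePath"
    } else {
        # App-only authentication signs with the private key, so a public-only
        # certificate in the store is not enough.
        if (-not $cert.HasPrivateKey) { $problems += 'Private key missing (the .pfx must be uploaded, not the .cer)' }
        # The validity window reflects how -StartDate and -EndDate were interpreted.
        if ($now -lt $cert.NotBefore) { $problems += "Not valid until $($cert.NotBefore)" }
        if ($now -gt $cert.NotAfter)  { $problems += "Expired on $($cert.NotAfter)" }
    }
    [pscustomobject]@{
        Thumbprint = $clean
        Found      = [bool]$cert
        Subject    = $cert.Subject
        NotBefore  = $cert.NotBefore
        NotAfter   = $cert.NotAfter
        Problems   = $problems
    }
}

# Placeholder value (constructed); substitute the thumbprint from your own configuration.
Test-AppOnlyCertificate -Thumbprint '<THUMBPRINT-FROM-YOUR-CONFIG>' | Format-List
```

An empty `Problems` list with `Found` set to true rules out the store, the private key and the validity dates, which leaves the publish and authentication settings discussed in the thread.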
