ab#79304

Lee Fine · Lee Fine · commit fdd19617eafd · 2026-01-22T18:41:30.000Z
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,6 @@
 v4.0.0
 - Added ability to run post job commands for Management-Add and ODKG jobs.
+- Bug Fix: Issue adding certificates without private keys introduced in 3.0.0
 
 v3.0.0
 - Added support for post quantum ML-DSA certificates for store types RFPEM, RFJKS, RFPkcs12, and RFDER
diff --git a/RemoteFile/RemoteCertificateStore.cs b/RemoteFile/RemoteCertificateStore.cs
@@ -25,6 +25,8 @@
 using static Keyfactor.Extensions.Orchestrator.RemoteFile.ReenrollmentBase;
 using static Keyfactor.PKI.PKIConstants.X509;
 using Keyfactor.PKI.PrivateKeys;
+using Keyfactor.PKI.CryptographicObjects.Formatters;
+using Org.BouncyCastle.X509;
 
 namespace Keyfactor.Extensions.Orchestrator.RemoteFile
 {
@@ -263,7 +265,7 @@ internal void AddCertificate(string alias, string certificateEntry, bool overwri
                     RemoveRootCertificate(Convert.FromBase64String(certificateEntry), pfxPassword) : 
                     Convert.FromBase64String(certificateEntry);
 
-                using (MemoryStream ms = new MemoryStream(newCertBytes))
+                using (MemoryStream ms = new MemoryStream(string.IsNullOrEmpty(pfxPassword) ? ConvertDERToP12(newCertBytes) : newCertBytes))
                 {
                     newEntry.Load(ms, string.IsNullOrEmpty(pfxPassword) ? new char[0] : pfxPassword.ToCharArray());
                 }
@@ -580,6 +582,23 @@ private string FormatPath(string path)
 
             return "'" + path + (path.Substring(path.Length - 1) == @"\" ? string.Empty : @"\") + "'";
         }
+
+        private byte[] ConvertDERToP12(byte[] cert)
+        {
+            X509Certificate x509Cert = new X509CertificateParser().ReadCertificate(cert);
+            Pkcs12Store store = new Pkcs12StoreBuilder().Build();
+            store.SetCertificateEntry("temp", new X509CertificateEntry(x509Cert));
+
+            using (var ms = new MemoryStream())
+            {
+                store.Save(
+                    ms,
+                    new char[] {},
+                    new SecureRandom()
+                );
+                return ms.ToArray();
+            }
+        }
     }
 
     class PathFile
