X.509 certificates are a key component of many deployment processes. Octopus Deploy provides the ability to securely store and manage your certificates, and easily use them in your Octopus Projects.
Securely Store Certificates and Private-Keys
Configure Subscriptions for Expiry Notifications
Octopus Subscriptions can be used to configure notifications when certificates are close to expiry or have expired.
There is a "Certificate expiry events" event-group, and three events:
- Certificate expiry 20-day warning
- Certificate expiry 10-day warning
- Certificate expired
Certificate-expiry events are not raised for archived certificates.
The background task which raises the certificate-expiry events runs:
- 10 minutes after the Octopus Server service starts
- Every 4 hours
Import Certificates into the Windows Certificate Store
Certificates can be imported to Windows Certificate Stores as part of a deployment process using the Import Certificate Deployment Step
Use certificates for HTTPS bindings when deploying IIS Websites
When configuring HTTPS bindings for IIS Websites, a certificate can be configured either by:
- entering the thumbprint directly (this assumes the certificate has already been installed on the machine)
- selecting a certificate-typed variable (this will automatically install the certificate)
Create Certificate-Typed Variables
Certificates managed by Octopus can be configured as the value of variables, and used from custom deployment scripts.
In This Section
The rest of this section covers these topics in some more detail, and explains how to implement them.
- Exporting a Certificate to a Java Keystore
- Importing Certificates into Tomcat
- Importing Certificates into WildFly and JBoss EAP
- Add a Certificate to Octopus
- Certificates - Supported File Formats
- Archiving and Deleting Certificates
- Import Certificate to Windows Certificate Store
- Replace a Certificate
- Export a Certificate
- Certificate Chains