Octopus Deploy Documentation


Last updated

X.509 certificates are a key component of many deployment processes. Octopus Deploy provides the ability to securely store and manage your certificates, and easily use them in your Octopus Projects.

Securely store certificates and private-keys

Configure subscriptions for expiry notifications

Octopus Subscriptions can be used to configure notifications when certificates are close to expiry or have expired.

There is a "Certificate expiry events" event-group, and three events:

  • Certificate expiry 20-day warning.
  • Certificate expiry 10-day warning.
  • Certificate expired.

Certificate-expiry events are not raised for archived certificates.

The background task which raises the certificate-expiry events runs:

  • 10 minutes after the Octopus Server service starts
  • Every 4 hours

Import certificates into the Windows certificate store

Certificates can be imported to Windows Certificate Stores as part of a deployment process using the Import Certificate Deployment Step.

Use certificates for HTTPS bindings when deploying IIS websites

When configuring HTTPS bindings for IIS Websites, a certificate can be configured either by:

  • entering the thumbprint directly (this assumes the certificate has already been installed on the machine).
  • selecting a certificate-typed variable (this will automatically install the certificate).

Create certificate-typed variables

Certificates managed by Octopus can be configured as the value of variables, and used from custom deployment scripts.

Note that certificates can not be selected directly when configuring a deployment step. Selecting a certificate in deployment steps presents a drop-down list of the certificate variables that have been defined in the project.

In this section

The following topics are explained further in this section:

Need support? We're here to help.