New Release

Deploy to Amazon ECS with our guided UI step

Octopus Deploy Documentation

Certificates

Last updated

X.509 certificates are a key component of many deployment processes. Octopus Deploy provides the ability to securely store and manage your certificates, and easily use them in your Octopus Projects.

Supported certificate file formats

The following certificate formats are supported in Octopus Deploy:

  • PKCS#12: .pfx files. May include a private-key.
  • PEM: Base64-encoded ASN.1. Usually has .pem file extension (though sometimes .cer or .crt on Windows). May include a private-key.
  • DER: Binary-encoded ASN.1. Generally stored with file extensions .crt, .cer, or .der. Does not include private-key.

Securely store certificates and private-keys

Configure subscriptions for expiry notifications

Octopus Subscriptions can be used to configure notifications when certificates are close to expiry or have expired.

There is a "Certificate expiry events" event-group, and three events:

  • Certificate expiry 20-day warning.
  • Certificate expiry 10-day warning.
  • Certificate expired.

The background task which raises the certificate-expiry events runs:

  • 10 minutes after the Octopus Server service starts
  • Every 4 hours

Certificate-expiry events are not raised for archived certificates.

Import certificates into the Windows certificate store

Certificates can be imported to Windows Certificate Stores as part of a deployment process using the Import Certificate Deployment Step.

Use certificates for HTTPS bindings when deploying IIS websites

When configuring HTTPS bindings for IIS Websites, a certificate can be configured either by:

  • entering the thumbprint directly (this assumes the certificate has already been installed on the machine).
  • selecting a certificate-typed variable (this will automatically install the certificate).

Create certificate-typed variables

Certificates managed by Octopus can be configured as the value of variables, and used from custom deployment scripts.

Note that certificates can not be selected directly when configuring a deployment step. Selecting a certificate in deployment steps presents a drop-down list of the certificate variables that have been defined in the project.

Learn more

Need support? We're here to help.