X.509 certificates are a key component of many deployment processes. Octopus Deploy provides the ability to securely store and manage your certificates, and easily use them in your Octopus Projects.
Supported certificate file formats
The following certificate formats are supported in Octopus Deploy:
- PKCS#12: .pfx files. May include a private-key.
- PEM: Base64-encoded ASN.1. Usually has .pem file extension (though sometimes .cer or .crt on Windows). May include a private-key.
- DER: Binary-encoded ASN.1. Generally stored with file extensions .crt, .cer, or .der. Does not include private-key.
Securely store certificates and private-keys
Configure subscriptions for expiry notifications
Octopus Subscriptions can be used to configure notifications when certificates are close to expiry or have expired.
There is a "Certificate expiry events" event-group, and three events:
- Certificate expiry 20-day warning.
- Certificate expiry 10-day warning.
- Certificate expired.
Certificate-expiry events are not raised for archived certificates.
The background task which raises the certificate-expiry events runs:
- 10 minutes after the Octopus Server service starts
- Every 4 hours
Import certificates into the Windows certificate store
Certificates can be imported to Windows Certificate Stores as part of a deployment process using the Import Certificate Deployment Step.
Use certificates for HTTPS bindings when deploying IIS websites
When configuring HTTPS bindings for IIS Websites, a certificate can be configured either by:
- entering the thumbprint directly (this assumes the certificate has already been installed on the machine).
- selecting a certificate-typed variable (this will automatically install the certificate).
Create certificate-typed variables
Certificates managed by Octopus can be configured as the value of variables, and used from custom deployment scripts.
Note that certificates can not be selected directly when configuring a deployment step. Selecting a certificate in deployment steps presents a drop-down list of the certificate variables that have been defined in the project.
- Lets Encrypt runbook examples.
- Add a certificate to Octopus
- Certificate chains
- Import certificate to Windows certificate store
- Import certificates into Tomcat
- Import certificates into WildFly and JBoss EAP
- Export a certificate
- Export a certificate to a Java KeyStore
- Replace a certificate
- Archive and delete certificates
- Troubleshooting invalid certificates
Need support? We're here to help.