Use the import certificate command to replace the certificate that Octopus Server uses to authenticate itself with its Tentacles.
Import certificate options
Usage: Octopus.Server import-certificate [<options>]
Where [<options>] is any of:
--instance=VALUE Name of the instance to use
--config=VALUE Configuration file to use
-f, --from-file=VALUE Import a certificate from the specified file
generated by the new-certificate command or a
Personal Information Exchange (PFX) file
--pw, --pfx-password=VALUE
Personal Information Exchange (PFX) private key
password
--type=VALUE Sets which certificate will be updated. Valid
options are: 'tentacle' or 'grpc'. Default:
'tentacle'
--skipDatabaseCompatibilityCheck
Skips the database compatibility check
--skipDatabaseSchemaUpgradeCheck
Skips the database schema upgrade checks. Use
with caution
Or one of the common options:
--help Show detailed help for this commandThe --type parameter is only available in versions >= 2025.4
Basic examples
Importing Tentacle certificate
This example imports a certificate from the file OctopusServer-certificate.pfx to replace the existing certificate that the Octopus Server instance named OctopusServer uses to authenticate itself with its Tentacles:
octopus.server import-certificate --instance="OctopusServer" --from-file="C:\temp\OctopusServer-certificate.pfx" --pfx-password="your-secret-password"Importing gRPC certificate
This example imports a certificate from the file OctopusServer-certificate.pfx to replace the existing certificate that the Octopus Server instance named OctopusServer uses to authenticate itself with its Kubernetes Monitors and Argo CD Gateways:
octopus.server import-certificate --instance="OctopusServer" --from-file="C:\temp\OctopusServer-certificate.pfx" --pfx-password="your-secret-password" --type="grpc"Help us continuously improve
Please let us know if you have any feedback about this page.
Page updated on Wednesday, November 19, 2025