Use the new-certificate command to create a new certificate that Octopus Server can use to authenticate itself with its Tentacles.
New certificate options
Usage: Octopus.Server new-certificate [<options>]

Where [<options>] is any of:

      --instance=VALUE       Name of the instance to use
      --config=VALUE         Configuration file to use
      --replace              Replaces the existing certificate that Octopus
                               Server uses to authenticate itself
      --export-pfx=VALUE     Exports the new certificate to the specified
                               file; for use with the import-certificate command
      --pfx-password=VALUE   The password to use for the exported pfx file
      --type=VALUE           Sets which certificate will be updated. Valid
                               options are: 'tentacle' or 'grpc'. Default:
                               'tentacle'
      --skipDatabaseCompatibilityCheck
                             Skips the database compatibility check
      --skipDatabaseSchemaUpgradeCheck
                             Skips the database schema upgrade checks. Use
                               with caution

Or one of the common options:

      --help                 Show detailed help for this command

The --type parameter is only available in versions >= 2025.4
Basic examples
Replacing existing Tentacle certificate
This example creates a new Tentacle certificate for instance MyNewInstance and replaces the old one:
octopus.server new-certificate --instance="MyNewInstance" --replace
Generating and exporting a new Tentacle certificate
This example creates a new Tentacle certificate and exports it to a PFX file:
octopus.server new-certificate --export-pfx="c:\temp\new-certificate.pfx" --pfx-password="your-secret-password"
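The exported PFX holds the certificate's private key, so the export location and password deserve more care than the c:\temp path and fixed password shown above. The following PowerShell sketch is an added example, not part of the Octopus documentation; it assumes Octopus.Server is on PATH and uses a hypothetical export directory, and it only uses the options listed on this page.

```powershell
# Added example, not Octopus documentation.
# Assumptions: Octopus.Server is on PATH; D:\OctopusCertExport is a hypothetical path.
$ErrorActionPreference = 'Stop'
$instance  = 'MyNewInstance'
$exportDir = 'D:\OctopusCertExport'
$pfxPath   = Join-Path $exportDir 'new-certificate.pfx'

# Lock the directory down to Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18)
# before the private key is written into it.
New-Item -ItemType Directory -Path $exportDir -Force | Out-Null
icacls $exportDir /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# Generate a 256-bit random password as hex, so it needs no shell quoting.
$bytes = [byte[]]::new(32)
$rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
$pfxPassword = -join ($bytes | ForEach-Object { $_.ToString('x2') })

# The password is visible in this process's command line while the command runs,
# and in any process-creation audit log that records command lines.
& Octopus.Server new-certificate "--instance=$instance" "--export-pfx=$pfxPath" "--pfx-password=$pfxPassword"
if ($LASTEXITCODE -ne 0) { throw "new-certificate failed with exit code $LASTEXITCODE" }

# Confirm the file opens with the password and carries the private key.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($pfxPath, $pfxPassword)
try {
    if (-not $cert.HasPrivateKey) { throw 'Exported PFX has no private key' }
    [pscustomobject]@{
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        PfxPath    = $pfxPath
    }
}
finally { $cert.Dispose() }

# Store $pfxPassword in your secret manager at this point; the script never writes it to disk.
```

Record the reported thumbprint so it can be compared against the certificate in use after a later import-certificate run, and delete the PFX once it has been imported.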
Replacing existing gRPC certificate
This example creates a new gRPC certificate for instance MyNewInstance and replaces the old one:
octopus.server new-certificate --instance="MyNewInstance" --replace --type="grpc"
Page updated on Wednesday, November 19, 2025