In the variable-editor, selecting Certificate as the variable type allows you to create a variable with a certificate managed by Octopus as the value.
Certificate variables can be scoped, similar to regular text variables.
At deploy-time, certificate variables are expanded. For example, a variable MyCertificate becomes:
|The certificate ID||Certificates-1|
|The variable type||Certificate|
|The user-provided name||My Development Certificate|
|The base64 encoded original file, exactly as it was uploaded.|
|The password specified when the file was uploaded.|
|The base64 encoded certificate in PKCS#12 format, including the private-key if present. If the originally uploaded certificate was password-protected (i.e. |
|The base64 encoded DER ASN.1 certificate.|
|The base64 encoded DER ASN.1 private key. This will be stored and transmitted as a sensitive variable.|
|The PEM representation of the certificate (i.e. the PublicKey with header\footer).|
|The PEM representation of the private key (i.e. the PrivateKey with header\footer).|
|The PEM representation of any chain certificates (intermediate or certificate-authority). This variable does not include the primary certificate.|
|The X.500 distinguished name of the subject|
|The un-attributed subject common name|
|The X.500 distinguished name of the issuer|
Given the certificate variable
MyCertificate, you can access the certificate thumbprint in a script like this:
thumbprint=$(get_octopusvariable "MyCertificate.Thumbprint") echo "$thumbprint"
It’s possible to write the PEM representation of the certificate to a file for use directly with a web server e.g. Apache, or a reverse proxy like NGINX. In bash, the script looks like this:
CERT=$(get_octopusvariable "MyCertificate.CertificatePem") echo "$CERT" > my_cert.crt
If your certificate also contains any chain certificates (e.g. intermediate or certificate authority), they can be written to a file that contains the primary certificate too. The following example shows how to do so in bash:
CERT=$(get_octopusvariable "MyCertificate.CertificatePem") CHAIN=$(get_octopusvariable "MyCertificate.ChainPem") COMBINED_CHAIN="$CERT\n$CHAIN" echo -e "$COMBINED_CHAIN" > my_combined.crt
If your certificate also has a private key that you need to export, you can use the
PrivateKeyPem property using bash:
KEY=$(get_octopusvariable "MyCertificate.PrivateKeyPem") echo "$KEY" > ssl.key
Help us continuously improve
Please let us know if you have any feedback about this page.
Page updated on Thursday, October 12, 2023