This documentation is for Octopus Deploy Version 3.13. View other versions


Last updated

X.509 certificates are a key component of many deployment processes. Octopus Deploy provides the ability to securely store and manage your certificates, and easily use them in your Octopus Projects.

Securely Store Certificates and Private-Keys

Configure Subscriptions for Expiry Notifications

Octopus Subscriptions can be used to configure notifications when certificates are close to expiry or have expired.

There is a "Certificate expiry events" event-group, and three events:

  • Certificate expiry 20-day warning
  • Certificate expiry 10-day warning
  • Certificate expired

Certificate-expiry events are not raised for archived certificates.

The background task which raises the certificate-expiry events runs:

  • 10 minutes after the Octopus Server service starts
  • Every 4 hours

Import Certificates into the Windows Certificate Store

Certificates can be imported to Windows Certificate Stores as part of a deployment process using the Import Certificate Deployment Step

Use certificates for HTTPS bindings when deploying IIS Websites

When configuring HTTPS bindings for IIS Websites, a certificate can be configured either by:

  • entering the thumbprint directly (this assumes the certificate has already been installed on the machine)
  • selecting a certificate-typed variable (this will automatically install the certificate)

Create Certificate-Typed Variables

Certificates managed by Octopus can be configured as the value of variables, and used from custom deployment scripts.

In This Section

The rest of this section covers these topics in some more detail, and explains how to implement them.