Certificates || New imported certs Subject is in reverse order

Hello Octo Peeps,
As of Build 2021.1(7500) when i am uploaded a new certificate Octopus.
“Libary > Certificates > Add Certificate”
After I upload the new Cert I am now seeing the subject under the Details in reverse order.

as per your document on page
the order should be
CN= testserver.domain.com
O= Company name
L= Company location
C= Company region

This used to be the case for us
Now we are seeing it like this
C= Company region
L= Company location
O= Company name
CN= testserver.domain.com

When we deploy the cert and use the subject in our configuration file is in the wrong order and fails the deployment.

the cert will show it like this when queried from windows
CN= testserver.domain.com, O= Company name, L= Company location, C= Company region

Octopus will apply the following to our config file when doing a variable replacement
C=Company region,L=Company location,O=Company name,CN=testserver.domain.com

NOTE: The order is incorrect and the space after the , is stripped out. this causes a miss-match when validating a cert

We are deploying to a Windows platform.
is there an easy way for when we get the subject name from the cert that we can reverse the order at the time of deployment?

Hi David,

Thanks for getting in touch!

I ran a test of this on the latest version and on 2020.6 and in both cases saw the reverse ordering in the Subject field.
Which version were you using prior to 2021.1.7500? I’m trying to pinpoint where this may have changed.

As for getting the subject name of the cert, you can do this using certificate variables. Specifically, MyCertificate.Subject or MyCertificate.SubjectCommonName.



Hi Paul,

I know how to get the variable to return the subject name. is there a way for me to reverse that value as a quick fix?

Unfortunately, I don’t know the version we had before but it was on the long-term branch from last year.
We upgraded to put in the fix for the SQL injection and then had to update again because of the page loading time issue around variables.

If I can query our system to show what versions we had in the past I am happy to get that for you

Hi David,

Thanks for following up. I’ll jump in here with Paul as he’s currently offline as part of our UK-based team.

I think the only option for a quick fix would be to essentially override the MyCert.Subject expanded property of your certificate variable that Octopus creates from the cert, to put these in the right order and add the space after the comma. Would something like this help? That’d involve creating a new project variable, named MyCert.Subject, and setting the value to the expected right value, e.g. CN= testserver.domain.com, O= Company name, L= Company location, C= Company region

I’m hoping that will prevent the mismatch at validation, but please let us know how you go!

Best regards,


Hi All,

thanks for the input. yes we ended up going it mapping the variable for now as it is causing a lot of deployment errors >.<

But also happy to have managed to repo the issue and hopefully gets resolved soon ?

Hi David,

Thanks for following up! I’m sorry I dropped the ball on this one. I raised the following bug report for you to track after reproducing this bug again in latest.

Great to hear the workaround helped, but my apologies for the inconvenience this has caused you. Please let us know if you have any questions or concerns going forward!

Best regards,


This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.