Managing Octopus tentacle certificates


We have a requirement to replace the self-signed certificate on tentacles. Is there a way to do this utilizing the Microsoft KeyStore and a GPO so that any new installed tentacle is automatically registered with our own certificate?

Many thanks,

Hi Blair,

Thanks for getting in touch! I may need to get some more information from you to get a better idea of how you can achieve this best. But we do have some thoughts based on what you have provided.

It’s up to you how you get the certificate onto the Tentacle server, GPO could help you do that, though it sounded like you already have the Tentacles installed and just need to update the certificate. If this is the case, you could do this directly in Octopus.

We have a step that allows you to import a certificate into the Windows certificate store on a target. You could then run a script against the target to kick off Tentacle.exe import-certificate.

If you were to use GPO to achieve this, you will need to copy the PFX over to the target server and have a script perform the certificate replacement against the Tentacle.

Using the Octopus manager for this would be the smoothest approach if you already have Tentacle installed.

If you are looking to automate the installation of Tentacle, you could also look into automating Tentacle installation via Octopus DSC.

If the above advice doesn’t help, you will need to provide some further information about your requirements.

If I’ve missed anything or if you have any further questions at all here, feel free to let me know.

Best regards,

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.