That’s correct, There are two certificates at play here. Expanding on what Paul said above:
-
The SSL certificate for the Octopus web portal, API etc, this is a regular, valid SSL certificate for normal web traffic. The tentacle, as part of the register-with command, will reach out to the Octopus server API over to register itself with the Octopus server so that the Octopus server knows about the tentacle. This is only used at this point in the process, and after the tentacle is registered, all communication happens on port 10943.
-
The certificate on port 10943 is a self-signed certificate that is used for encrypting traffic between the server and the tentacle - we offer a static webpage on this port to verify that the server is listening correctly. You can hit this in a browser (with certificate errors, naturally, since it’s not a trusted cert).
I hope that helps clarify - please let us know if you have any further questions.