Using a Custom Cert

I need to be able to use a cert generated by our internal CA since for compliance reasons we can’t use a self-signed cert. I noticed there isn’t a way to upload a cert from the web portal, but it looks like I could just base64 encode the cert and update certificate-global in the db? Before I go ahead and try, I would like to confirm that this is the recommended way, or if there is another way to use a custom cert. Is there anything that needs to be changed on the tentacle?

Thanks,
Josh

I found the registry key for the cert on the tentacle. I should just have to update this base64 value with a custom cert as well? Also, does each tentacle need its own cert, or could I use the same one for all of our servers? One more question–when I request to get a cert generated from our system engineering guys, what details about the cert do I need to provide?

Hi,

This isn’t really supported but you can make it work.

  1. Yes, the registry value is just the Base-64 encoded value of the certificate. You’ll need to restart the Tentacle service after you change the value. If it helps, here’s the exact code we use: https://gist.github.com/PaulStovell/6170588

  2. We recommend each Tentacle have its own, but nothing prevents you from reusing the same certificate.

  3. The certificate name must be “cn=Octopus Tentacle”. Key size must be at least 512 bytes and you’ll need the private key too. The certificate needs to be enabled for key exchange usage (I think you can simply not specify any key usage attributes however and it will still work).

Hope that helps,

Paul
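
A pre-flight check for the requirements listed in the reply above, as an added example that is not part of the original thread and is not Octopus Deploy's code. It assumes the internal CA delivers the certificate as a password-protected PFX with an RSA key, treats "key exchange" as the KeyEncipherment key-usage bit, and uses a hypothetical function name, `Test-TentacleCertificate`.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Added example: validates a CA-issued PFX before it is installed on a Tentacle.
# Test-TentacleCertificate is a hypothetical helper, not an Octopus cmdlet.
function Test-TentacleCertificate {
    param(
        [Parameter(Mandatory)] [string] $PfxPath,
        [Parameter(Mandatory)] [securestring] $Password,
        # The reply states the minimum as 512 bytes; 512 * 8 = 4096 bits.
        [int] $MinKeyBits = 4096
    )
    $path = (Resolve-Path $PfxPath).ProviderPath
    $cert = New-Object X509Certificate2 -ArgumentList $path, $Password
    try {
        $problems = @()

        # Subject must be "cn=Octopus Tentacle". The whole subject is compared
        # (case-insensitively), so extra RDNs such as O= or OU= are flagged.
        if ($cert.Subject -ne 'CN=Octopus Tentacle') {
            $problems += "Subject is '$($cert.Subject)', expected 'CN=Octopus Tentacle'"
        }

        # The private key must be present in the PFX.
        if (-not $cert.HasPrivateKey) { $problems += 'PFX contains no private key' }

        # Key size check (assumption: RSA key).
        $rsa = [RSACertificateExtensions]::GetRSAPublicKey($cert)
        if (-not $rsa) { $problems += 'Public key is not RSA' }
        elseif ($rsa.KeySize -lt $MinKeyBits) {
            $problems += "Key is $($rsa.KeySize) bits, minimum is $MinKeyBits"
        }

        # Key usage: an absent extension is accepted; if present it must allow
        # key exchange (assumption: the KeyEncipherment bit).
        $ku = $cert.Extensions | Where-Object { $_ -is [X509KeyUsageExtension] }
        if ($ku -and -not $ku.KeyUsages.HasFlag([X509KeyUsageFlags]::KeyEncipherment)) {
            $problems += "Key usage '$($ku.KeyUsages)' does not include KeyEncipherment"
        }

        [pscustomobject]@{
            Subject = $cert.Subject; Thumbprint = $cert.Thumbprint
            KeyBits = if ($rsa) { $rsa.KeySize } else { $null }
            Ok = ($problems.Count -eq 0); Problems = $problems
        }
    }
    finally { $cert.Reset() }   # release the loaded key material
}
# Test-TentacleCertificate -PfxPath .\tentacle.pfx -Password (Read-Host -AsSecureString 'PFX password')
```

Pass `-MinKeyBits` explicitly if your compliance baseline sets a different minimum than the figure in the reply.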

Thanks Paul, exactly the information I needed.