Wrong hostname vuln

Hi there:

We have deployed Octopus tentacles on several servers. Each of them have installed a certificate with Octopus Tentacle as a “hostname” . This triggers a vulnerability “SSL Certificate with Wrong Hostname”, since the device has a hostname and the certificate installed due to Octopus is another different. Would you advise on how can we proceed?

Hi @alexander.ortiz.prado,

First and foremost, welcome to the Octopus forums!

Thanks for reaching out.

I think what you may be running into here is your scanner is picking up the fact that we use self-signed certificates. In this case, are you able to create your own certificates so your vulnerability scanner doesn’t hit on our self-signed ones?

Here is some documentation explaining it a bit further: Octopus - Tentacle communication - Octopus Deploy

Please let me know if that helps.


hi @jeremy.miller thanks for the response. It has been very helpful.

Hi Alexander,

You’re very welcome! Thanks for letting me know you’re in a good state.

Please let us know if you run into any other issues. I hope you have a great rest of your week.


This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.