Expired certificate replace and certificate variables update

Not sure if it’s already asked question, new feature request or I just don’t know how to do it in a right way.:slight_smile:
Octopus Deploy has really awesome features to handle certificates across different deployments, however I miss one step.

When you replace certificate in certificates library - all variables are still referring old certificate, which becomes archived.
I was expecting all variables referring certificate - will start to use new certificate. Or at least there is an “update” button in “Usage” section (where it’s listed where certificate is used). Some similar update logic exists for step templates - when you update a step, it shows places where “outdated” step is still used and you can update it either just for some steps, or for all steps.

At this moment I had to update certificate in library and then had to update variables in related deployments manually - which is not very convenient. Is there some purpose behind it, or how is it?

Hi,

Thanks for getting in touch! When you replace a certificate the Id of the certificate stays the same but its body gets updated in place. This means that the new certificate will be used for any release created after the cert has been updated. I just tried that with the latest version of Octopus and it worked.

Doesn’t that work for you? If so, can you let me know the version of Octopus you are on?

Regards,

Pawel

Thanks for your response, Pawel!

To be honest - I didn’t try to redeploy with replaced certificate (mainly because it’s not so straightforward - certificates are not often updated, they are ordered/updated only by authorized personnel and this time it was needed for production environment). However why I asked is because I saw in project variables, when I edited certificate variable - it wasn’t set to new certificate, but to one, which became archived.

Our Octopus version at the moment is - v2018.6.2 (we update it once per 1-2 months). Can it be the reason, and fixed in more recent versions? Or can it be just “visual”/UI issue, but during deployment most recent and “active” certificate will be used?

Hi,

I think it is more about the way we present it in the UI and you should be fine.

Regards,

Pawel

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.