Octopus Deploy - Deploy.ps1 script to configure SSL bindings in IIS

Using the Octopus Deploy script to create websites, found here

I am trying to set up a website using SSL. I changed http -> https and the variable is set to this $MyWebAppIisBindings = "*:433:"

This script does everything to create a new site and deploy my application, except for installing a certificate.

I have one certificate called 'webserver' that can be selected from the combo box in the edit sites binding dialog box in IIS Manager 7. Selecting this manually does the SSL job as expected.

What Powershell cmdlet do I need to add to the deployment script to associate my certificate with my IIS binding?

(I'm a full Powershell noob, please don't think that I know anything about this in your answer)

EDIT: I progressed a bit, but I'm still lost

    # think I need to do something like this to get the certificate
    # Get-Item cert:\LocalMachine\My\$siteCertThumb
    # but I have no idea how to assign it to the 443 binding
+6
3 answers

To deploy Jared's answer, here is a complete script from a recent project that uses both HTTP and HTTPS:

    #
    # Settings
    #---------------
    $appPoolName = ("Kraken-Pool-" + $OctopusEnvironmentName)
    $siteName = ("Kraken - " + $OctopusEnvironmentName)
    $siteBindings = ":80:octopushq.com"
    $siteBindingsSecure = ":443:octopushq.com"
    $siteCertificate = "CERT:\LocalMachine\WebHosting\A347FC4B77A2C176E451D8CE4973C7D0FB3E19AA"
    $appPoolFrameworkVersion = "v4.0"
    $webRoot = (resolve-path .)

    # Installation
    #---------------
    Import-Module WebAdministration

    cd IIS:\

    $appPoolPath = ("IIS:\AppPools\" + $appPoolName)
    $pool = Get-Item $appPoolPath -ErrorAction SilentlyContinue
    if (!$pool) {
        Write-Host "App pool does not exist, creating..."
        new-item $appPoolPath
        $pool = Get-Item $appPoolPath
    } else {
        Write-Host "App pool exists."
    }

    Write-Host "Set .NET framework version:" $appPoolFrameworkVersion
    Set-ItemProperty $appPoolPath managedRuntimeVersion $appPoolFrameworkVersion

    Write-Host "Set identity..."
    Set-ItemProperty $appPoolPath -name processModel -value @{identitytype="NetworkService"}

    Write-Host "Checking site..."
    $sitePath = ("IIS:\Sites\" + $siteName)
    $site = Get-Item $sitePath -ErrorAction SilentlyContinue
    if (!$site) {
        Write-Host "Site does not exist, creating..."
        $id = (dir iis:\sites | foreach {$_.id} | sort -Descending | select -first 1) + 1
        new-item $sitePath -bindings @{protocol="http";bindingInformation=$siteBindings} -id $id -physicalPath $webRoot
    } else {
        Write-Host "Site exists. Complete"
    }

    Write-Host "Set app pool..."
    Set-ItemProperty $sitePath -name applicationPool -value $appPoolName

    Write-Host "Set bindings..."
    Set-ItemProperty $sitePath -name bindings -value @{protocol="http";bindingInformation=$siteBindings}
    New-ItemProperty $sitePath -name bindings -value @{protocol="https";bindingInformation=$siteBindingsSecure}
    Get-Item $siteCertificate | Set-Item IIS://SslBindings/0.0.0.0!443

    Write-Host "Set path..."
    Set-ItemProperty $sitePath -name physicalPath -value "$webRoot"

    Write-Host "IIS configuration complete!"
+6

At 15below, we use Octopus and built an open source Octopus helper.

One of the features in the helper PowerShell scripts includes installing in IIS and adding an SSL certificate.

The project itself can be found here: https://github.com/15below/Ensconce

To use the helper, first refer to createWebSite.ps1 - this works if you are using IIS6 or 7. Then create the application pool and website, and add the SSL certificate.

Here is a small example:

    $deployTools = "D:\DeployTools\"
    . $deployTools\createWebSite.ps1

    CreateAppPool "MyAppPool"
    CreateWebsite "MyWebsite" "D:\WebsiteDir" "MyAppPool" "MyAppName" "myWebsite.com" "D:\Logs\MyWebsite"
    AddSslCertificate "MyWebsite" "CertificateName" "myWebsite.com"

You can also use the Ensconce tool to deploy your application and update any configuration data. More information on this can be found on the GitHub wiki.

+4

Along with the two changes you have already made, http -> https and 80 -> 443.

Add the following to the end of the deployment script, where $siteCertThumb is the thumbprint of the certificate stored in the LocalMachine\My store.

    Write-Host "Add certificate to binding..."
    Get-Item CERT:\LocalMachine\MY\$siteCertThumb | New-Item IIS://SslBindings/$siteBindings
+1
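
The answers above attach the certificate with a single `Set-Item` or `New-Item` call on `IIS:\SslBindings`. The following added example (not code from any of the answers, Octopus Deploy or Ensconce) wraps that step so it can be re-run on every deployment, and refuses a certificate that is missing, outside its validity period or lacking a private key. The function name `Set-SiteSslCertificate` and its parameters are hypothetical; it assumes the WebAdministration module is available.

```powershell
Import-Module WebAdministration

# Hypothetical helper: bind a LocalMachine certificate to a site's HTTPS port.
function Set-SiteSslCertificate {
    param(
        [Parameter(Mandatory=$true)][string]$SiteName,
        [Parameter(Mandatory=$true)][string]$Thumbprint,
        [string]$StoreName = "My",       # store under Cert:\LocalMachine
        [string]$IpAddress = "0.0.0.0",  # 0.0.0.0 = all unassigned addresses
        [int]$Port = 443
    )

    # Resolve the certificate first and fail early if it is unusable.
    $certPath = "Cert:\LocalMachine\$StoreName\$Thumbprint"
    $cert = Get-Item $certPath -ErrorAction SilentlyContinue
    if (!$cert) { throw "Certificate not found: $certPath" }
    if (!$cert.HasPrivateKey) { throw "Certificate has no private key: $certPath" }
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate is not valid now ($($cert.NotBefore) to $($cert.NotAfter))."
    }

    # Make sure the site itself has an https binding on this port.
    if (!(Get-WebBinding -Name $SiteName -Protocol "https" -Port $Port)) {
        $bindIp = if ($IpAddress -eq "0.0.0.0") { "*" } else { $IpAddress }
        New-WebBinding -Name $SiteName -Protocol "https" -Port $Port -IPAddress $bindIp
    }

    # The SslBindings entry is keyed by "IP!port". New-Item fails when the
    # entry already exists, so replace a stale entry instead of creating blindly.
    $sslPath = "IIS:\SslBindings\$IpAddress!$Port"
    $current = Get-Item $sslPath -ErrorAction SilentlyContinue
    if ($current -and $current.Thumbprint -ne $cert.Thumbprint) {
        Write-Host "Replacing certificate $($current.Thumbprint) on $sslPath"
        Remove-Item $sslPath
        $current = $null
    }
    if (!$current) { $cert | New-Item $sslPath | Out-Null }

    # Read the binding back and confirm it points at the intended certificate.
    $bound = Get-Item $sslPath
    if ($bound.Thumbprint -ne $cert.Thumbprint) {
        throw "$sslPath has thumbprint $($bound.Thumbprint), expected $($cert.Thumbprint)."
    }
    Write-Host "Bound $($cert.Thumbprint) to $sslPath for site '$SiteName'."
}

# Example call with the variable names used in the answers above:
# Set-SiteSslCertificate -SiteName $siteName -Thumbprint $siteCertThumb
```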