Deploy HTTPS Websites using Octopus Deploy

So you have a website and you need to deploy it, right? to HTTPS you say? Well, here’s how you can do it with Octopus Deploy.

I won’t be diving into details what Octopus Deploy is and what can it do for you. If you are not familliar with Octopus Deploy yet, try a live demo at


First thing you’ll need is a certificate Thumbprint. You can get it by following the steps below.


  1. Find a certificate you want to use

    IIS - Server Certificates Figure: Server Certificates
  2. Copy the Thumbprint

    SelfSignedCertificate Figure: Target Certificate
    SelfSignedCertificate_Thumbprint Figure: Certificate Thumbprint

Now you need to configure Octopus Deploy to install your package on IIS using a certificate Thumbprint.

Octopus Deploy

  1. In Octopus Deploy navigate to the Process tab and click on Add step button

    OctopusDeploy_AddStep Figure: Add a Deployment Step
  2. Choose Deploy a NuGet Package step

    OctopusDeploy_DeployNuGetPackage Figure: Choose Stype Type dialog
  3. Scroll down and click on the "Configure features" link to open additional options

    OctopusDeploy_ConfigureFeatures Figure: Deployment Process
  4. Tick "IIS web site and application pool" checkbox and click Save

    OctopusDeploy_IIS_Website Figure: Enable features dialog
  5. By default this will create a binding for port 80 running on HTTP. Click on Edit link to change this.

    OctopusDeploy_IIS_BindingEdit Figure: Default Binding
  6. In the dialog that appears chenge protocol to HTTPS, enter the hostname and paste your Certificate Thumbprint.Keep in mind it has to be without spaces!

    OctopusDeploy_IIS_BindingSettings Figure: Modified Configuration
  7. Ater your press the Save button your binding should look like this

    OctopusDeploy_IIS_Binding Figure: IIS Binding after configuration

That's it, as simple as it can be. From now on, Octopus Deploy will publish your website to HTTPS.

Self-signed Certificates

Sometimes you'll need to create self-signed certificates for environments where purchasing a certificate would make no sense. Like Development, UAT or Staging. In such case it's best to generate self-signed certificates for subdomains that the web sites are running on, or simply create a wildcard certificate that will cover them all.

Root CA

Before you can create a self-signed certificate for your subdomain, you will have to create Root CA certificate. Use the following command to do it and replace the values in curly braces.
"C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\makecert.exe" -n "CN=My Development Root CA,O=My Company Name,OU=Dev Department,L=My Location,S=My State,C=My Country" -pe -ss Root -sr LocalMachine -sky exchange -m 120 -a sha256 -len 2048 -r

Domain Name Certificate

Now you can use your Root CA to generate a domain certificate using the following command.
"C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\makecert.exe" -n "" -pe -ss My -sr LocalMachine -sky exchange -m 120 -in "My Development Root CA" -is Root -ir LocalMachine -a sha256 -eku
Share this:

2 comments on “Deploy HTTPS Websites using Octopus Deploy”

  1. Scott Benners Reply

    Daniel, have you run across a scenario where you need to deploy your project out to multiple servers in one environment. Something like UAT or PROD that has a server farm. Each server certificate thumbprint is different for each server. So, you can’t use a singular thumbprint. Any ideas?

    • Danijel Malik Reply

      Hi Scott,

      Sorry for a late reply.

      Have you tried with naming convention e.g. Server1Thumbprint, Server2Thunbprint and dynamically retrieving the variable value?

      This approach requires a bit fiddling around with PowerShell though.

      I’ve done a couple of session on Infrastructure as Code in the last week and I’ve demonstrated how to rotate my secrets in Azure with every deployment.

      I’m happy to share more insights but I need to understand your environment better.

      Feel free to reply back with your email address and I’ll get back to you.

      Note: Your email won’t be published

Leave A Reply

Your email address will not be published. Required fields are marked *