So you have a website and you need to deploy it, right? to HTTPS you say? Well, here’s how you can do it with Octopus Deploy.
I won’t be diving into details what Octopus Deploy is and what can it do for you. If you are not familliar with Octopus Deploy yet, try a live demo at http://demo.octopusdeploy.com
First thing you’ll need is a certificate Thumbprint. You can get it by following the steps below.
Find a certificate you want to useFigure: Server Certificates
Copy the ThumbprintFigure: Target Certificate
Figure: Certificate Thumbprint
Now you need to configure Octopus Deploy to install your package on IIS using a certificate Thumbprint.
In Octopus Deploy navigate to the Process tab and click on Add step buttonFigure: Add a Deployment Step
Choose Deploy a NuGet Package stepFigure: Choose Stype Type dialog
Scroll down and click on the "Configure features" link to open additional optionsFigure: Deployment Process
Tick "IIS web site and application pool" checkbox and click SaveFigure: Enable features dialog
By default this will create a binding for port 80 running on HTTP. Click on Edit link to change this.Figure: Default Binding
In the dialog that appears chenge protocol to HTTPS, enter the hostname and paste your Certificate Thumbprint.Keep in mind it has to be without spaces!Figure: Modified Configuration
Ater your press the Save button your binding should look like thisFigure: IIS Binding after configuration
That's it, as simple as it can be. From now on, Octopus Deploy will publish your website to HTTPS.
Self-signed CertificatesSometimes you'll need to create self-signed certificates for environments where purchasing a certificate would make no sense. Like Development, UAT or Staging. In such case it's best to generate self-signed certificates for subdomains that the web sites are running on, or simply create a wildcard certificate that will cover them all.
Root CABefore you can create a self-signed certificate for your subdomain, you will have to create Root CA certificate. Use the following command to do it and replace the values in curly braces.
"C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\makecert.exe" -n "CN=My Development Root CA,O=My Company Name,OU=Dev Department,L=My Location,S=My State,C=My Country" -pe -ss Root -sr LocalMachine -sky exchange -m 120 -a sha256 -len 2048 -r
Domain Name CertificateNow you can use your Root CA to generate a domain certificate using the following command.
"C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\makecert.exe" -n "CN=dev.mywebsite.com" -pe -ss My -sr LocalMachine -sky exchange -m 120 -in "My Development Root CA" -is Root -ir LocalMachine -a sha256 -eku 184.108.40.206.220.127.116.11.1