Deploy HTTPS Websites using Octopus Deploy

So you have a website and you need to deploy it, right? to HTTPS you say? Well, here’s how you can do it with Octopus Deploy.

I won’t be diving into details what Octopus Deploy is and what can it do for you. If you are not familliar with Octopus Deploy yet, try a live demo at


First thing you’ll need is a certificate Thumbprint. You can get it by following the steps below.


  1. Find a certificate you want to use

    IIS - Server Certificates Figure: Server Certificates
  2. Copy the Thumbprint

    SelfSignedCertificate Figure: Target Certificate
    SelfSignedCertificate_Thumbprint Figure: Certificate Thumbprint

Now you need to configure Octopus Deploy to install your package on IIS using a certificate Thumbprint.

Octopus Deploy

  1. In Octopus Deploy navigate to the Process tab and click on Add step button

    OctopusDeploy_AddStep Figure: Add a Deployment Step
  2. Choose Deploy a NuGet Package step

    OctopusDeploy_DeployNuGetPackage Figure: Choose Stype Type dialog
  3. Scroll down and click on the "Configure features" link to open additional options

    OctopusDeploy_ConfigureFeatures Figure: Deployment Process
  4. Tick "IIS web site and application pool" checkbox and click Save

    OctopusDeploy_IIS_Website Figure: Enable features dialog
  5. By default this will create a binding for port 80 running on HTTP. Click on Edit link to change this.

    OctopusDeploy_IIS_BindingEdit Figure: Default Binding
  6. In the dialog that appears chenge protocol to HTTPS, enter the hostname and paste your Certificate Thumbprint.Keep in mind it has to be without spaces!

    OctopusDeploy_IIS_BindingSettings Figure: Modified Configuration
  7. Ater your press the Save button your binding should look like this

    OctopusDeploy_IIS_Binding Figure: IIS Binding after configuration

That's it, as simple as it can be. From now on, Octopus Deploy will publish your website to HTTPS.

Self-signed Certificates

Sometimes you'll need to create self-signed certificates for environments where purchasing a certificate would make no sense. Like Development, UAT or Staging. In such case it's best to generate self-signed certificates for subdomains that the web sites are running on, or simply create a wildcard certificate that will cover them all.

Root CA

Before you can create a self-signed certificate for your subdomain, you will have to create Root CA certificate. Use the following command to do it and replace the values in curly braces.
"C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\makecert.exe" -n "CN=My Development Root CA,O=My Company Name,OU=Dev Department,L=My Location,S=My State,C=My Country" -pe -ss Root -sr LocalMachine -sky exchange -m 120 -a sha256 -len 2048 -r

Domain Name Certificate

Now you can use your Root CA to generate a domain certificate using the following command.
"C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\makecert.exe" -n "" -pe -ss My -sr LocalMachine -sky exchange -m 120 -in "My Development Root CA" -is Root -ir LocalMachine -a sha256 -eku
Share this:

Leave A Reply

Your email address will not be published. Required fields are marked *