Using the octopus deploy script for creating websites found here
I am trying to set up a website that uses SSL. I have changed the http -> https and the variable is set to this: $MyWebAppIisBindings = "*:433:"
This script does everything to create the new site and deploy my app except set a certificate.
I have one certificate called 'webserver' that can be selected from the combo box in the edit site bindings dialog in the IIS 7 Manager. Selecting this manually makes the SSL work as expected.
What PowerShell cmdlet do I need to add to the deploy script in order to associate my certificate with my binding on IIS?
(I'm a complete Powershell noob, please don't assume that I know anything about it in your answer)
EDIT: I have progressed a little but I'm still lost
# think I need to do something like this to get the certificate
# Get-Item cert:\LocalMachine\My\$siteCertThumb
# but I have no idea how to assign it to the 443 binding
To expand on Jared's answer, here is a complete script from a recent project that uses both HTTP and HTTPS:
#
# Settings
#---------------
$appPoolName = ("Kraken-Pool-" + $OctopusEnvironmentName)
$siteName = ("Kraken - " + $OctopusEnvironmentName)
$siteBindings = ":80:octopushq.com"
$siteBindingsSecure = ":443:octopushq.com"
$siteCertificate = "CERT:\LocalMachine\WebHosting\A347FC4B77A2C176E451D8CE4973C7D0FB3E19AA"
$appPoolFrameworkVersion = "v4.0"
$webRoot = (resolve-path .)
# Installation
#---------------
Import-Module WebAdministration
cd IIS:\
$appPoolPath = ("IIS:\AppPools\" + $appPoolName)
$pool = Get-Item $appPoolPath -ErrorAction SilentlyContinue
if (!$pool) {
    Write-Host "App pool does not exist, creating..."
    new-item $appPoolPath
    $pool = Get-Item $appPoolPath
} else {
    Write-Host "App pool exists."
}
Write-Host "Set .NET framework version:" $appPoolFrameworkVersion
Set-ItemProperty $appPoolPath managedRuntimeVersion $appPoolFrameworkVersion
Write-Host "Set identity..."
Set-ItemProperty $appPoolPath -name processModel -value @{identitytype="NetworkService"}
Write-Host "Checking site..."
$sitePath = ("IIS:\Sites\" + $siteName)
$site = Get-Item $sitePath -ErrorAction SilentlyContinue
if (!$site) {
    Write-Host "Site does not exist, creating..."
    $id = (dir iis:\sites | foreach {$_.id} | sort -Descending | select -first 1) + 1
    new-item $sitePath -bindings @{protocol="http";bindingInformation=$siteBindings} -id $id -physicalPath $webRoot
} else {
    Write-Host "Site exists. Complete"
}
Write-Host "Set app pool..."
Set-ItemProperty $sitePath -name applicationPool -value $appPoolName
Write-Host "Set bindings..."
Set-ItemProperty $sitePath -name bindings -value @{protocol="http";bindingInformation=$siteBindings}
New-ItemProperty $sitePath -name bindings -value @{protocol="https";bindingInformation=$siteBindingsSecure}
Get-Item $siteCertificate | Set-Item IIS://SslBindings/0.0.0.0!443
Write-Host "Set path..."
Set-ItemProperty $sitePath -name physicalPath -value "$webRoot"
Write-Host "IIS configuration complete!"
At 15below we use Octopus and have built an open source Octopus helper.
One of the functions in the helper PowerShell scripts covers installing into IIS and adding an SSL cert.
The project itself can be found here: https://github.com/15below/Ensconce
With regard to how to use the helper, first reference createWebSite.ps1, which works out whether you are using IIS6 or 7. Then create the app pool and website, and add the SSL cert.
Here is a small example:
$deployTools = "D:\DeployTools\"
. $deployTools\createWebSite.ps1
CreateAppPool "MyAppPool"
CreateWebsite "MyWebsite" "D:\WebsiteDir" "MyAppPool" "MyAppName" "myWebsite.com" "D:\Logs\MyWebsite"
AddSslCertificate "MyWebsite" "CertificateName" "myWebsite.com"
You can also use the Ensconce tool to deploy your application and update any config data. More info on this can be found on the GitHub wiki.
Along with the two changes you have already made, http -> https and 80 -> 443, add the following to the end of the deployment script, where $siteCertThumb is the thumbprint of the certificate stored in the LocalMachine\My store.
Write-Host "Add certificate to binding..."
Get-Item CERT:\LocalMachine\MY\$siteCertThumb | New-Item IIS://SslBindings/$siteBindings
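The answers above hard-code a thumbprint. As an added example (not taken from any of the answers or from Octopus or Ensconce), the sketch below looks the certificate up by its friendly name, refuses one that has no private key or is about to expire, and replaces the 0.0.0.0!443 SSL binding only when the thumbprint differs. The friendly name 'webserver' comes from the question; the LocalMachine\My store, the 14-day threshold and the function name Select-BindingCertificate are assumptions, and the session must be elevated.

```powershell
# Added example: choose a certificate by friendly name and bind it to 0.0.0.0:443.
# Assumes the site already has an https binding on port 443 (as in the scripts above).
Import-Module WebAdministration

$friendlyName = 'webserver'                     # name shown in the IIS Manager combo box
$storePath    = 'Cert:\LocalMachine\My'         # assumed store
$sslPath      = 'IIS:\SslBindings\0.0.0.0!443'  # all addresses, port 443
$minDaysLeft  = 14                              # assumed renewal threshold

function Select-BindingCertificate {
    param([string]$StorePath, [string]$FriendlyName, [int]$MinDaysLeft)

    $now = Get-Date
    # Keep only certificates that can actually serve TLS right now:
    # matching name, private key present, inside the validity window.
    $candidates = @(Get-ChildItem $StorePath | Where-Object {
        $_.FriendlyName -eq $FriendlyName -and
        $_.HasPrivateKey -and
        $_.NotBefore -le $now -and
        $_.NotAfter -gt $now.AddDays($MinDaysLeft)
    })
    if ($candidates.Count -eq 0) {
        throw "No usable certificate named '$FriendlyName' in $StorePath (private key required, valid for at least $MinDaysLeft more days)."
    }
    # After a renewal several certificates can share one friendly name;
    # pick the one that expires last.
    $candidates | Sort-Object NotAfter -Descending | Select-Object -First 1
}

$cert = Select-BindingCertificate $storePath $friendlyName $minDaysLeft
Write-Host "Using certificate" $cert.Thumbprint "expiring" $cert.NotAfter

# Idempotent bind: leave a correct binding alone, replace a stale one.
$existing = Get-Item $sslPath -ErrorAction SilentlyContinue
if ($existing -and $existing.Thumbprint -eq $cert.Thumbprint) {
    Write-Host "SSL binding already uses this certificate."
} else {
    if ($existing) { Remove-Item $sslPath }
    $cert | New-Item $sslPath | Out-Null
    Write-Host "Certificate bound to $sslPath"
}
```

Failing the deployment when no valid certificate is found keeps the script from silently leaving an expired or keyless certificate on the binding.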