Deploy SSL certificate to Azure WebApp

I have an existing WebApp deployment configured and running fine.
Now my latest version of the app includes an SSL certificate which the application uses (by loading it as an X509Certificate2 object in C#).
The certificate file (pfx) can be copied into the wwwroot\bin folder of the deployed webapp, or it could be loaded into the certificate store (not even sure if that is a thing for Azure WebApps, so maybe it’s safer to just copy the cert file to the deployed webapp folder).

I have uploaded the certificate file into my Octopus server as a certificate, and created a certificate variable in my project. However, I’m unsure how to actually deploy that as a file that the webapp can access.

I tried a PowerShell script to create the pfx file from the certificate variable, but this runs on the Octopus server, not in Azure.
I also tried the Import Certificate step but this needed a Deployment Target in Roles configured, and I’m not sure what that means.

Any suggestions on the best way to achieve this?
Thanks.

I found a way to do this using a combination of a PowerShell script and the Kudu API, see below.

```powershell
# Write the certificate (base64 in the Octopus certificate variable) to a local .pfx file
$path = Convert-Path .
$filePath = "$path\certificate.pfx"
[System.IO.File]::WriteAllBytes($filePath, [System.Convert]::FromBase64String($OctopusParameters["CertificateVariable.RawOriginal"]))

# Build the Basic auth header from the App Service deployment credentials
$username = $OctopusParameters["AppServiceUserName"]
$password = $OctopusParameters["AppServicePassword"]
$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $username,$password)))

# Kudu VFS endpoint for the target file under wwwroot\bin
$apiUrl = "https://$($OctopusEnvironmentName)servicename.scm.azurewebsites.net/api/vfs/site/wwwroot/bin/certificate.pfx"
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", ("Basic {0}" -f $base64AuthInfo))
# If-Match: * overwrites an existing file regardless of its ETag
$headers.Add("If-Match", "*")

# PUT the file to the web app through the Kudu API
Invoke-RestMethod -Uri $apiUrl -Headers $headers -Method PUT -InFile $filePath -ContentType "multipart/form-data"
```

Hey Daniel,

I’m glad to hear you got this working.

Another approach would be to use the az command-line (which is also available in the Azure Script steps), and use the az webapp config ssl upload and az webapp config ssl bind commands. This post gives an example.

But your current approach works, so great!

Please reach out if we can help :slight_smile:
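
The az route mentioned in the reply above, sketched as an added example that is not part of the original thread or Octopus's own code: it uploads the PFX with `az webapp config ssl upload` and sets the `WEBSITE_LOAD_CERTIFICATES` app setting so the app can read the certificate from its certificate store instead of a file under wwwroot. It assumes a Windows App Service plan, an Azure Script step with az already authenticated, that the certificate variable holds a PFX, and three hypothetical project variables (`ResourceGroupName`, `WebAppName`, `CertificatePassword`).

```powershell
# Added example. ResourceGroupName, WebAppName and CertificatePassword are
# hypothetical Octopus project variables; CertificateVariable is from the thread.
$ErrorActionPreference = 'Stop'

$resourceGroup = $OctopusParameters['ResourceGroupName']
$webApp        = $OctopusParameters['WebAppName']
$pfxPassword   = $OctopusParameters['CertificatePassword']

# Write the PFX to a randomly named temp file rather than the working directory.
$pfxPath = Join-Path ([System.IO.Path]::GetTempPath()) ([System.IO.Path]::GetRandomFileName())
try {
    [System.IO.File]::WriteAllBytes(
        $pfxPath,
        [System.Convert]::FromBase64String($OctopusParameters['CertificateVariable.RawOriginal']))

    # Upload into the App Service certificate store; the JSON result carries the thumbprint.
    $cert = az webapp config ssl upload `
        --resource-group $resourceGroup --name $webApp `
        --certificate-file $pfxPath --certificate-password $pfxPassword `
        --output json | ConvertFrom-Json
    if ($LASTEXITCODE -ne 0 -or -not $cert.thumbprint) { throw 'Certificate upload failed.' }

    # Expose the certificate to the app's code in the CurrentUser\My store.
    az webapp config appsettings set `
        --resource-group $resourceGroup --name $webApp `
        --settings "WEBSITE_LOAD_CERTIFICATES=$($cert.thumbprint)" --output none
    if ($LASTEXITCODE -ne 0) { throw 'Setting WEBSITE_LOAD_CERTIFICATES failed.' }
}
finally {
    # Do not leave the private key on the worker's disk after the step finishes.
    if (Test-Path $pfxPath) { Remove-Item $pfxPath -Force }
}
```

With this in place the application opens the `CurrentUser\My` store and finds the certificate by thumbprint, so no .pfx with a private key sits in the deployed site folder.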