How to enable SNI on IIS HTTPS binding?

mikael · 24 February 2014 06:40

We’re using Octopus Deploy and its “IIS web site and application pool” process feature to deploy our ASP.NET MVC app to IIS. It’s working great.

Now, we would like to enable SNI for the HTTPS binding. Octopus Deploy doesn’t seem to provide a built-in checkbox for this. How could we customize the Octopus Deploy’s IIS deployment so that the SNI is enabled automatically?

If it makes things easier, it’s OK for us if Octopus Deploy automatically enables SNI for all the HTTPS bindings, we don’t need a setting for it.

(This is a repost from SO: http://stackoverflow.com/questions/21954531/octopus-deploy-enable-sni-on-iis-https-binding)

Paul_Stovell · 25 February 2014 06:24

Thanks Mikael, I’ve replied on StackOverflow

Paul

Dattha · 16 June 2016 06:43

Looks like solution to this problem is not figured out yet. Even in Stack Overflow there aren’t any specific solutions.

Dalmiro · 16 June 2016 20:35

Hi @Dattha,

Thanks for getting in touch. You are correct, a solution for this still hasn’t been implemented.

Could you please log a feature request in Uservoice to add SNI support in IIS? If enough users vote for it, we will definitely consider adding support to it.

https://octopusdeploy.uservoice.com/

For the time being I’d recommend you to enable SNI for your website after the deployment in a dedicated step using Powershell.

Best regards,
Dalmiro

Dattha · 17 June 2016 05:10

I have voted for the feature. However, a temporary solution can be achived through below link.

github.com

OctopusDeploy/Library/blob/62da21d960f451765834db1ef4407fde7b742a7d/step-templates/iis-bind-ssl-certificate-with-sni-enabled.json

{
  "Id": "ActionTemplates-34",
  "Name": "IIS - Bind SSL Certificate with SNI Enabled",
  "Description": "Applies a https binding, with SNI enabled.",
  "ActionType": "Octopus.Script",
  "Version": 9,
  "Properties": {
    "Octopus.Action.Script.ScriptBody": "$WebsiteName = $OctopusParameters['WebsiteName']\r\n$SSLBindingHost = $OctopusParameters['SSLBindingHost']\r\n$CertificateThumbPrint = $OctopusParameters['CertificateThumbPrint']\r\n\r\nnew-webbinding -Name $WebsiteName -Protocol \"https\" -Port 443 -HostHeader $SSLBindingHost -SslFlags 1\r\nnetsh http add sslcert hostnameport=$($SSLBindingHost):443 certhash=$CertificateThumbPrint appid='{58ee6009-4e61-400b-80cf-dedc242faf63}' certstorename=MY\r\n"
  },
  "SensitiveProperties": {},
  "Parameters": [
    {
      "Name": "WebsiteName",
      "Label": "Website Name",
      "HelpText": "Name of the web site in IIS",
      "DefaultValue": null
    },
    {
      "Name": "SSLBindingHost",
      "Label": "SSL Binding Host",

This file has been truncated. show original