IIS SSL Configuration

Need to add additional details here. This is the set of logs for the script that is executed:

 |         Success: Octopus.Features.IISWebSite_BeforePostDeploy.ps1
17:04:32   Verbose  |           Running PowerShell script: C:\Program Files\Octopus Deploy\Tentacle\Scripts\Octopus.Features.IISWebSite_BeforePostDeploy.ps1
17:04:33   Info     |           Finding SSL certificate with thumbprint { cert thumbprint }
17:04:33   Info     |           Found certificate: CN=*.adaptgift.com, OU=EssentialSSL Wildcard, OU=Domain Control Validated
17:04:33   Info     |           Application pool "AdaptGift Manage" already exists
17:04:33   Info     |           Set application pool identity: SpecificUser
17:04:34   Info     |           Set .NET framework version: v4.0
17:04:36   Info     |           Site "AdaptGift Manage" already exists
17:04:36   Info     |           Assigning website to application pool...
17:04:36   Info     |           Home directory: C:\Octopus\Applications\Staging\Adapt.Gift.Web.Host\0.0.65.0-Staging
17:04:38   Info     |           Assigning bindings to website...
17:04:38   Info     |           Binding: http *:80:manage-stage.adaptgift.com
17:04:38   Info     |           Binding: https *:443:manage-stage.adaptgift.com {cert thumbprint}
17:04:40   Info     |           Anonymous authentication enabled: True
17:04:41   Info     |           Basic authentication enabled: False
17:04:42   Info     |           Windows authentication enabled: False
17:04:44   Info     |           IIS configuration complete

But when it’s coming through, and I go into IIS admin, it’s changing all my sites on this host to use the *.adaptgift.com certificate, and not just the site being deployed.

Hi Richard,

Thanks for getting in touch! SSL certificates are required to have their own IP address. These cannot be shared with others. From what you are describing, our thoughts are that this SSL is sharing the same IP address as all the other sites and thus changing the others to use that specified certificate. Can you check to see if that is the case?

Thanks!
Vanessa

It was. The issue is that we should be able to use SNI with SSL, which is a current issue with Octopus Deploy.

You do have a community contributed script that I’m presently working with to get around this issue in OD.

We’re running into the same issue. We have a shared stage environment across multiple projects. All of them are running on the same address. Any time we deploy a project with an SSL binding, it updates all bindings across all sites with the cert for a single project being deployed.

Is this an IIS config tool issue, or is this an Octopus issue? Also, are there any known workarounds? (Wishing Richard had left a link.)

David -

Take a look here:

I wound up figuring out a workaround that you create your http site on port
80, then use this script to create the IIS binding for SSL. Thus far, it
seems to be working flawlessly.

I should prep the script and submit it to the library until the support
comes into play, but just haven’t gotten the time yet.

HTH.
–Richard
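
The workaround described above (HTTP binding created by the deployment, HTTPS binding added separately with SNI) can be sketched as follows. This is an added example, not the community script referenced in the thread and not Octopus Deploy's own code. It assumes IIS 8 or later with the WebAdministration module and an elevated session; the site name and host name are taken from the log above, and the thumbprint is a placeholder.

```powershell
# Added example: create an SNI (hostname:port) HTTPS binding for one site so the
# certificate is not registered against the shared IP:port used by other sites.
Import-Module WebAdministration

$siteName   = 'AdaptGift Manage'             # from the deployment log above
$hostHeader = 'manage-stage.adaptgift.com'   # from the deployment log above
$thumbprint = '<CERT-THUMBPRINT>'            # placeholder, supply your own
$storeName  = 'My'                           # LocalMachine\My (assumed store)

# Fail early if the certificate is not in the machine store.
$cert = Get-Item "Cert:\LocalMachine\$storeName\$thumbprint" -ErrorAction Stop

# Remove any existing HTTPS binding for this host so the flags can be reset.
Get-WebBinding -Name $siteName -Protocol https -Port 443 -HostHeader $hostHeader |
    Remove-WebBinding

# SslFlags 1 = Server Name Indication: HTTP.sys keys the certificate on
# hostname:port instead of IP:port.
New-WebBinding -Name $siteName -Protocol https -Port 443 -IPAddress '*' `
    -HostHeader $hostHeader -SslFlags 1

# Attach the certificate to the new binding only.
$binding = Get-WebBinding -Name $siteName -Protocol https -Port 443 `
    -HostHeader $hostHeader
$binding.AddSslCertificate($cert.Thumbprint, $storeName)

# Verify: the certificate should be listed under the hostname:port entry.
netsh http show sslcert "hostnameport=${hostHeader}:443"

# Check for a leftover wildcard IP:port entry. If one exists, it still applies
# to every binding on *:443 that is not SNI-flagged.
netsh http show sslcert ipport=0.0.0.0:443
```

Run it as a post-deployment step and compare the two `netsh` listings before and after a deploy to confirm that other sites' certificates are unchanged.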

Thanks Richard!

You’re welcome. My apologies that I slacked off on updating all the bits
that I posted to. I was pushing to get it working, and forgot all the
places I posted, to be honest.

I’m on https://jabbr.net/#/rooms/octopus along with others that use Octopus
Deploy… it’s a great place for informal discussion surrounding Octopus
Deploy, for what it’s worth.