Upload Certificate to Azure

(david.grittmann) #1

I’m having trouble using the Octopus Certificate Store with the Azure PowerShell step to upload a certificate to an Azure App Service.

I am trying to use Azure PowerShell, but I’m having trouble getting the -CertificateFilePath parameter to work. Is the full path of the certificate file available as a parameter during the Azure PowerShell step?
$OctopusParameters["Certificate.Thumbprint"], $OctopusParameters["Certificate.Password"] appear to be working fine for those values.

Example PowerShell https://docs.microsoft.com/en-us/azure/app-service-web/app-service-web-app-powershell-ssl-binding
New-AzureRmWebAppSSLBinding -ResourceGroupName myresourcegroup -WebAppName mytestapp -CertificateFilePath PathToPfxFile -CertificatePassword PlainTextPwd -Name www.contoso.com

(Cameron MacFarland) #2

Hi David,

Thanks for getting in touch with us. Octopus Deploy doesn’t output the certificate as a file during deployment. Instead it’s stored in a variable that you can access alongside the thumbprint and password.

Here is some PowerShell that takes the certificate and writes it to disk. Then you can execute the Azure command and use that file.

[System.IO.File]::WriteAllBytes("C:\TheCertificateFile.cer", [System.Convert]::FromBase64String($OctopusParameters["Certificate.Certificate"]))

Hope that helps.
Cameron

(david.grittmann) #3

That worked! I’ll provide the script here in case anyone else would find it useful.

I create an Octopus Variable, CSVString, with these headings.
WebAppName,ResourceGroupName,DNSName

Azure PowerShell Script

# Write the PFX from the Octopus certificate variable into the step's working directory
$Path = Convert-Path .
Write-Host "Current Directory is $Path"
$FilePath = "$Path\certificatefile.pfx"
[System.IO.File]::WriteAllBytes($FilePath, [System.Convert]::FromBase64String($OctopusParameters["Certificate.RawOriginal"]))
$Password = $OctopusParameters["Certificate.Password"]

# One row per web app: WebAppName,ResourceGroupName,DNSName
$APPS = ConvertFrom-Csv $CSVString
foreach ($APP in $APPS) {
    Write-Host "Uploading $($APP.WebAppName) $($APP.ResourceGroupName) $($APP.DNSNAME)"
    try {
        # -ErrorAction Stop makes cmdlet errors terminating so the catch block runs
        $WebAPP = Get-AzureRmWebApp -ResourceGroupName $APP.ResourceGroupName -Name $APP.WebAppName -ErrorAction Stop
        New-AzureRmWebAppSSLBinding -WebApp $WebApp -Name $APP.DNSNAME -SslState "SniEnabled" -CertificateFilePath "$FilePath" -CertificatePassword "$Password" -ErrorAction Stop
    }
    catch {
        Write-Warning "Failed to upload certificate for $($APP.WebAppName) $($APP.ResourceGroupName) $($APP.DNSNAME) check for typos"
        Write-Warning "Error Details: $($error[0])"
    }
}

(david.grittmann) #4

I want to add that the site must exist and the domain must already be assigned (and validated with CNAME) in the web app in Azure for this script to successfully install and bind the certificate.

A sample CSVString variable would be:

WebAppName,ResourceGroupName,DNSName
custominhouseapp1,DEMO1-RG,customapp2.octopus.com
custominhouseapp2,DEMO2-RG,customapp2.octopus.com
(system) closed #6
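
A hardened variant of the write-to-disk step from posts #2 and #3, as an added example that is not part of the original thread: it checks the PFX against `Certificate.Thumbprint` before writing it, uses a random temp file name, and deletes the file when the work is done. The helper name `Use-OctopusPfxFile` and the self-signed demo certificate are assumptions made for illustration; the constructed sample assumes PowerShell 7 (or .NET Framework 4.7.2+) for `CertificateRequest`.

```powershell
# Added example, not code from the thread. Use-OctopusPfxFile is a hypothetical helper name.
function Use-OctopusPfxFile {
    param(
        [Parameter(Mandatory)] $Parameters,            # $OctopusParameters in a real step
        [Parameter(Mandatory)] [scriptblock] $Action   # called with the temporary PFX path
    )
    $bytes    = [System.Convert]::FromBase64String($Parameters["Certificate.RawOriginal"])
    $password = [string]$Parameters["Certificate.Password"]

    # Load the PFX in memory first, so a wrong password or a damaged variable
    # fails here, before any key material is written to disk.
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($bytes, $password)
    try {
        if ($cert.Thumbprint -ne $Parameters["Certificate.Thumbprint"]) {
            throw "PFX thumbprint $($cert.Thumbprint) does not match Certificate.Thumbprint"
        }
        if (-not $cert.HasPrivateKey) { throw "PFX contains no private key" }
    }
    finally { $cert.Dispose() }

    # Random file name in the temp directory instead of a fixed name in the working directory.
    $path = Join-Path ([System.IO.Path]::GetTempPath()) ("{0}.pfx" -f [guid]::NewGuid())
    try {
        [System.IO.File]::WriteAllBytes($path, $bytes)
        & $Action $path
    }
    finally {
        # Runs on success and on failure, so the private key does not stay on the worker.
        if (Test-Path -LiteralPath $path) { Remove-Item -LiteralPath $path -Force }
    }
}

# Constructed sample input: a throwaway self-signed certificate standing in for the Octopus variables.
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    "CN=demo.example.test", $rsa, [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$demo = $req.CreateSelfSigned([DateTimeOffset]::UtcNow, [DateTimeOffset]::UtcNow.AddDays(1))
$demoPassword = "constructed-demo-password"
$DemoParameters = @{
    "Certificate.RawOriginal" = [System.Convert]::ToBase64String(
        $demo.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx, $demoPassword))
    "Certificate.Password"    = $demoPassword
    "Certificate.Thumbprint"  = $demo.Thumbprint
}

# In a real step the script block would hold the New-AzureRmWebAppSSLBinding loop from the thread.
$seen = Use-OctopusPfxFile -Parameters $DemoParameters -Action { param($p) Test-Path -LiteralPath $p }
Write-Host "PFX present during action: $seen"
```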