Integrations
Free trial

Azure - Set Web App SSL Certificate

Octopus.AzurePowerShell exported 2018-03-29 by MJRichardson belongs to ‘Azure’ category.

Configures the SSL binding for an Azure Web App to use an Octopus-managed certificate

Parameters

When steps based on the template are included in a project’s deployment process, the parameters below can be set.

Azure Subscription

SslAzureSubscription =

null

Azure Web App

SslWebApp =

The name of the Azure Web App for which the SSL binding will be created.

Resource Group

SslResourceGroup =

The name of the Azure Resource Group containing the Web App

Slot

SslSlot =

The Azure Deployment Slot (optional)

Domain Name

SslDomainName =

The fully qualified domain name for the SSL binding. e.g. store.acme.com

Certificate

SslCertificate =

The certificate to be used for the SSL binding

SSL State

SslState = SniEnabled

Specifies the SSL state of the certificate

Script body

Steps based on this template will execute the following undefined script.

<#
Takes an Octopus certificate variable and
    1) Writes it to a temporary file with a password (as Azure requires the PFX have a password)
    2) Invokes New-AzureRmWebAppSSLBinding
    3) Removes the temporary certificate file
#>

$ErrorActionPreference = 'Stop'

Write-Verbose "Creating temporary certificate file"
$TempCertificateFile = New-TemporaryFile
# The PFX upload to Azure must have a password. So we give it a GUID.
$Password = [guid]::NewGuid().ToString("N")

$CertificateName = $OctopusParameters["SslCertificate.Name"]

Write-Host "Creating HTTPS binding on web app '$SslWebApp' for domain $SslDomainName using certificate '$CertificateName' "

$CertificateBytes = [Convert]::FromBase64String($OctopusParameters["SslCertificate.Pfx"])
[IO.File]::WriteAllBytes($TempCertificateFile.FullName, $CertificateBytes)
Get-PfxData -FilePath $TempCertificateFile.FullName | Export-PfxCertificate -FilePath $TempCertificateFile.FullName -Password (ConvertTo-SecureString -String $Password -AsPlainText -Force)

$BindingParams = @{
    WebAppName = $SslWebApp
    ResourceGroupName = $SslResourceGroup
    Name = $SslDomainName
    CertificateFilePath = $TempCertificateFile.FullName
    CertificatePassword = $Password
    SslState = $SslState
}

if ($SslSlot) { $BindingParams['Slot'] = $SslSlot }

New-AzureRmWebAppSSLBinding @BindingParams

Write-Verbose "Removing temporary certificate file"
Remove-Item $TempCertificateFile.FullName -Force

Provided under the Apache License version 2.0.

Report an issue

To use this template in Octopus Deploy, copy the JSON below and paste it into the Library → Step templates → Import dialog.

{
  "Id": "72a32f48-2de9-4dac-9c47-b491413478e2",
  "Name": "Azure - Set Web App SSL Certificate",
  "Description": "Configures the SSL binding for an Azure Web App to use an [Octopus-managed certificate](https://octopus.com/docs/deploying-applications/certificates)",
  "Version": 1,
  "ExportedAt": "2018-03-29T00:48:05.333Z",
  "ActionType": "Octopus.AzurePowerShell",
  "Author": "MJRichardson",
  "Parameters": [
    {
      "Id": "a8d7da9d-39d6-4bcd-9a08-fe81210e364c",
      "Name": "SslAzureSubscription",
      "Label": "Azure Subscription",
      "HelpText": null,
      "DefaultValue": "",
      "DisplaySettings": {
        "Octopus.ControlType": "AzureAccount"
      },
      "Links": {}
    },
    {
      "Id": "4b978b3d-4f87-49d7-b814-14e2f9ef878a",
      "Name": "SslWebApp",
      "Label": "Azure Web App",
      "HelpText": "The name of the Azure Web App for which the SSL binding will be created.",
      "DefaultValue": "",
      "DisplaySettings": {
        "Octopus.ControlType": "SingleLineText"
      },
      "Links": {}
    },
    {
      "Id": "df5ee03d-1a63-44c0-b3c4-d75020b1f2b8",
      "Name": "SslResourceGroup",
      "Label": "Resource Group",
      "HelpText": "The name of the Azure Resource Group containing the Web App",
      "DefaultValue": "",
      "DisplaySettings": {
        "Octopus.ControlType": "SingleLineText"
      },
      "Links": {}
    },
    {
      "Id": "ff318b09-27de-483c-a9c8-b0583e15208c",
      "Name": "SslSlot",
      "Label": "Slot",
      "HelpText": "The Azure Deployment Slot (optional)",
      "DefaultValue": "",
      "DisplaySettings": {
        "Octopus.ControlType": "SingleLineText"
      },
      "Links": {}
    },
    {
      "Id": "9f488222-f373-4f70-841b-3f340357bb85",
      "Name": "SslDomainName",
      "Label": "Domain Name",
      "HelpText": "The fully qualified domain name for the SSL binding. e.g. store.acme.com",
      "DefaultValue": "",
      "DisplaySettings": {
        "Octopus.ControlType": "SingleLineText"
      },
      "Links": {}
    },
    {
      "Id": "b8bda333-894a-4223-a07d-afb336b8f75f",
      "Name": "SslCertificate",
      "Label": "Certificate",
      "HelpText": "The certificate to be used for the SSL binding",
      "DefaultValue": "",
      "DisplaySettings": {
        "Octopus.ControlType": "Certificate"
      },
      "Links": {}
    },
    {
      "Id": "b9c953f5-a21d-4c64-b134-7295d6d7d48e",
      "Name": "SslState",
      "Label": "SSL State",
      "HelpText": "Specifies the SSL state of the certificate",
      "DefaultValue": "SniEnabled",
      "DisplaySettings": {
        "Octopus.ControlType": "Select",
        "Octopus.SelectOptions": "SniEnabled\nIpBasedEnabled\nDisabled"
      },
      "Links": {}
    }
  ],
  "Properties": {
    "Octopus.Action.Script.ScriptSource": "Inline",
    "Octopus.Action.Azure.AccountId": "#{SslAzureSubscription}",
    "Octopus.Action.Script.ScriptBody": "<#\nTakes an Octopus certificate variable and\n    1) Writes it to a temporary file with a password (as Azure requires the PFX have a password)\n    2) Invokes New-AzureRmWebAppSSLBinding\n    3) Removes the temporary certificate file\n#>\n\n$ErrorActionPreference = 'Stop'\n\nWrite-Verbose \"Creating temporary certificate file\"\n$TempCertificateFile = New-TemporaryFile\n# The PFX upload to Azure must have a password. So we give it a GUID.\n$Password = [guid]::NewGuid().ToString(\"N\")\n\n$CertificateName = $OctopusParameters[\"SslCertificate.Name\"]\n\nWrite-Host \"Creating HTTPS binding on web app '$SslWebApp' for domain $SslDomainName using certificate '$CertificateName' \"\n\n$CertificateBytes = [Convert]::FromBase64String($OctopusParameters[\"SslCertificate.Pfx\"])\n[IO.File]::WriteAllBytes($TempCertificateFile.FullName, $CertificateBytes)\nGet-PfxData -FilePath $TempCertificateFile.FullName | Export-PfxCertificate -FilePath $TempCertificateFile.FullName -Password (ConvertTo-SecureString -String $Password -AsPlainText -Force)\n\n$BindingParams = @{\n    WebAppName = $SslWebApp\n    ResourceGroupName = $SslResourceGroup\n    Name = $SslDomainName\n    CertificateFilePath = $TempCertificateFile.FullName\n    CertificatePassword = $Password\n    SslState = $SslState\n}\n\nif ($SslSlot) { $BindingParams['Slot'] = $SslSlot }\n\nNew-AzureRmWebAppSSLBinding @BindingParams\n\nWrite-Verbose \"Removing temporary certificate file\"\nRemove-Item $TempCertificateFile.FullName -Force"
  },
  "Category": "Azure",
  "HistoryUrl": "https://github.com/OctopusDeploy/Library/commits/master/step-templates//opt/buildagent/work/75443764cd38076d/step-templates/azure-web-app-ssl.json",
  "Website": "/step-templates/72a32f48-2de9-4dac-9c47-b491413478e2",
  "Logo": "iVBORw0KGgoAAAANSUhEUgAAAMgAAADICAMAAACahl6sAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAADNQTFRF////AHjXf7vrv931QJrh7/f8EIDaIIncMJHfYKvmz+b3n8zw3+76j8Ttr9XycLPpUKLkkKvYFAAABGZJREFUeNrsnNmCqjoQRc1MEiD8/9cer7Yt2KBJZQC8ez07sKlKTQlcLgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzoUSnt8YxXlFuGHSbIaxvj+fip4btkLn1blkWLaF5v03yLhLOYlVuGYfMOMZzNGxCOzhjTJqFkXnjq3Dr1yyvPI3hGl3Ih3zzHHNKudRstRhX5O58vIcShY67Gq6EPIESlzUWvazaGAOGbvU7ArDu/g8M4o8opDZWvbvPzlL/MMBE8jT9T9W7PbAJlHPTBFRf9yVTEcs63msXz2UHLSgf650G/d5t+wjbxxB2UCMqGrk8/LFSD7uJMeNt5bcJCyQZyAe5Fo9KYfWS2flQrr4b4tpuzaeWjYs49rt9LHf9uZD7+VbyVi9EBNrjYjuq2sxQOrl+p+HuBVu45qvqfq691ttYFQ5KyKbyJgaIY/NGxrlWZwlwGvmvu1oY3PuAv0niTq6tZ78jk//9uc1r1r4lQki7y7sp2Tu4V1y2iLoqFTqi1lIGcpFiebrZNZ1dOkF0cCIlO8jQ47nCkam9Lilz9GhDF1I6XGLzfnhwDIIZVfI7+8SSgfHsijqXENOGJF5QorG4EcW0OrScqX/dDrXpr70Ut/BII+1OfECPuYz/NWxYmgrCsUskxPvyhgmrw+WGZ6lGTuOlIyCYWTFyWjpM5KIZRUIOwjRNYRQ6tZF9BXtk8hWAHPtLNJ727Fq0JSkC1FDRRF0Jalj0d5qVh2KEpM2TuSsCYTCT6ZkdmFYI9LrYp5QayWbo6NXlZwcRD/61pth5Fq5EX423QQxNjhqWvvklkljOLkYjrmphXPZOJOk6Pg7HKMsrtQKcowzZoK3rx1ZUelGMdQA/HaKkjAt2RgqpZeYqbNbH7Hp2ct4nqfSPOfe0ftiSTZJydOV6rG5bQbyLK+nRuCC0343PzDgiOXyQA5c14BTZi98uR/5KJ1SnatLdoO50WWBQZPTq0VgsklU3h932actuo17ayrHrb/3ykiegd3KbqF2wbV6RrlsJ07yLcpsWFTul9RyK6ZScr+tk7oNrFj0o7HQUlj4EiEvJ6rPLKSmlMZCrksl1OnLaRkxc+/HB1naMhNtT/6yM2bDs6azCRHrM3aVPN7aW8irD/10B8njpAMcsl8okXcdKrl4sPsLmQVy/Sj90ucPRc/d/Bxxj+dXSpCayen32D+hLi16MsIV8gfCXrYp6ySsiJKRUF0XXiLpVbFU+fNv4r7mOwhFsX4ZdwpSi1DYs2jb6ebZ9788cblTzMrYhu7sf/17IFdtuviJ2ioHA6pMHkoH4CLUeMBU7iGkxuM/YgcdderF9ibRdc7O982F1HpYhjfWUe+x5a6pjop9iNLfoePvlsdZdTSMwfxSmTY20Q0eHnUNzga1edeNmmqbg18aMVR1L9vwSXHF9TfIWBxpKLs2hj3eQeBC0USvp2HHF3eIkRdhFOd6ER8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA/I/4J8AAo/80BciBec4AAAAASUVORK5CYII=",
  "$Meta": {
    "Type": "ActionTemplate"
  }
}

History

Page updated on Thursday, March 29, 2018