VSTS IIS Deploy Configure IIS site SSL Certificates

1
votes

I'm using VSTS to deploy an asp.net website using the IIS Web App Manage and IIS Web App Deploy tasks which works however I'm looking at ways to automate the installation and configuration of the sites SSL certificate so that I don't have to manually install the ssl cert before deploying the site on the host machine.

I'm considering using the following approach.

1) Include the ssl certificate in the vs solution.

2) Deploy the ssl certificate as part of the site deploy and use the remote powershell task to run 'CertMgr' to install the certificate in the localmachines personal certificate store.

In an ideal world I'd like to include the SSL certificate as part of the deploy definition in VSTS but I couldn't see an option for this? Before I go down the VS solution route is there away to configure VSTS deploy task to download and install an SSL certificate on the remote destination machine?

1
azure-devopsdevopsazure-pipelines

1 Answers

1
votes

There isn’t the built-in task that can download and install certificate. You can add it to the source control or other server (e.g. FTP), then download the certificate during build/release (can download file through PowerShell).

After that you can install certificate through PowerShell task:

$pfxpath = 'pathtoees.pfx'
$password = 'password'

Add-Type -AssemblyName System.Security
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$cert.Import($pfxpath, $password, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]"PersistKeySet")
$store = new-object system.security.cryptography.X509Certificates.X509Store -argumentlist "MY", CurrentUser
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]"ReadWrite")
$store.Add($cert)
$store.Close()

Related issue: Visual studio team services deploymen/buildt certificate error