How do I install certificates using Octopus Deploy? - octopus-deploy

When deploying applications using Octopus Deploy, how do I include the SSL/TLS certificate?

When deploying to Internet Information Services (IIS), the built-in Deploy to IIS step has the ability to include an SSL/TSL certificate variable and bind it to IIS when deployed.
The first step will be to add a certificate variable to your project. Click on Variables and create a new variable. Click on Change Type and select Certificate
Once you've added your variable, add the Deploy to IIS step to your project
Scroll down to the Bindings section and click the Add button
Choose HTTPS then select your certificate variable
And that's all! When your application is deployed, it will also deploy the certificate to the server and bind it to port 443 in IIS!
Octopus Deploy also contains steps that will import certificates to Tomcat, Wildfly, or Java keystore.

Related

Visual Studio 2019 Azure KeyVault configuration error when publish

I want to deploy my project to Azure in an App Service I have just created. Also, I created a KeyVault for all my settings.
When I try to deploy to app to the service, I have to configure the connection strings for the databases.
I click on Configure and follow the instruction and select the right app service or KeyVault. Then, in the last step, I receive this error.
Dependency configuration progress
Failed to resolve token 'ProfileResourceId'.
ErrorEmpty parameter 'resourceId'...
ErrorFailed to configure Azure AppService settings.
Failed to configure dependency Azure Key Vault secrets1
How can I fix it?
More details
I didn't follow any documentation. Usually, I use Azure DevOps to deploy application to Azure. In this case, I prefer to deploy the application from my laptop.
For that, I downloaded the publish profile from the portal and added in Visual Studio.
Then, I see some alert. At the beginning I ignored the alert but the deployed application doesn't work. So, I tried to configure each dependence.
If I press on the + to add a new service dependency, I select Azure Key Vault. Select the Azure subscription and the keyvault. Then, the local variable and review the setting. Then Finish.
In the solution I see some files for ServiceDependencies
What it is strange to me is that in the project I successful configured the Connected Services.
I had a similar issue with Application Insights. I was able to resolve by clicking "Restore service dependencies and their settings" in the Publish window.
After clicking, I was able to configure my dependencies without the "Failed to resolve token 'ProfileResourceId'." error.

.NET Core (OS X) - How to add self-signed certificate, bound to Kestrel for alternative name of localhost?

I need to serve an ASP.NET Core (2.1) app from the local machine using an alternative name of the localhost.
I created an entry in the /etc/hosts file:
127.0.0.1 localh0st
and I also modified the runtime configuration of the web application (Rider Debug Configuration) to use this hostname in the ASPNETCORE_URLS environment variable.
I can start the app and access it in the browser via HTTPS but I get the certificate error because the certificate common name is localhost and not localh0st. This is expected.
I want to be able to load the site without warnings. For this I believe I have to take the following steps (which I don't know how to achieve):
Create a self-signed certificate for this new hostname
Place this certificate in the OS X's keychain and trust it
Instruct Kestrel to use this particular certificate and not the localhost one.
I am not sure these are the steps, and how to achieve them.

Project Server service application missing

I just installed SharePoint and Project Server. When I run configuration wizard to configure service applications, I do not find "Project Server" service application in the list. What could be the reason for that?
You need to configure Project server application separately.
1. Go to System Settings section in CA, click Manage services on server
2. On the Service list, click Start next to Project Server Application Service.
3. Create a Project Server service application in CA or using PowerShell.

Accessing HTTPS content from out-of browser Silverlight 4 applications

I am using some of the local machine's resources using COM interop functionality provided in Silverlight 4.0. Hence, naturally I need OOB with elevated permissions. However, in my case I am consuming the WCF services hosted on HTTPS channel. Here is where I am facing the problem. The OOB with elevated permissions applied, doesn't allow me consuming the HTTPS service hosted on either different or the same domain, giving me a NotFound exception. Please note that I have used the self-signed certificate for the development environment. The same is also installed in the Trusted Root folder of the client machine on which I am testing.
Interestingly, when I set the Fiddler options (in Fiddler session, Toos -> Fiddler Options -> HTTPS tab) to intercept the HTTPS traffic, with Decrypt HTTPS traffic checkbox set, I am able to use the same HTTPS service without any exception. But for that, I was told by Fiddler to store a temporary certificate inside my user profile's Fiddler directory, and I must have at least one Fiddler session at that time. Hence, it seems to be a certification issue. But does it relate in anyway to signing of the XAP file with the required certificate ? I am not sure. I tried with a self-signed certificate and bind my layer service URL to use that certificate. Then I install the same certificate to Trusted root folder of the client. But i was not successful in signing the XAP with that certificate.
Please let me know if you have any work-around.
If the code is running in a different user's context, you need to put your "Self-signed" certificate into the Machine Trusted Root store. Start mmc.exe. On the File menu, choose to Add a Snap-in. Add the Certificates snap-in. Pick Local Machine. Import the Self-signed root into the Trusted Root store.
I had the same problem and found out, that the SSL settings in IIS were wrong.
I configured IIS 7.5 to SSL only and to accept client certificates. With this settings, I ended up with the service not found error in OOB. After setting IIS to ignoring client certificates the OOB Application works fine.

ClickOnce Not Obeying Installation Folder for Localhost

I'm testing a ClickOnce application deployment. I have setup a virtual directory on my machine (running IIS). I have specified http://localhost/SampleApplication as the Installation Folder URL in the Publish tab of Visual Studio. However, when I publish the application I get the following error:
Warning: Files could not be downloaded
from http://chrish/SampleApplication/.
The remote server returned an error:
(407) Proxy Authentication Required.
Publish success.
Warning: Unable to
view published application at
http://chrish/SampleApplication/publish.htm.
http://chrish/SampleApplication/publish.htm
Notice how it has changed my url from Localhost to my login name. Why? This wasn't happening a week ago.
ClickOnce installation involves verifying that the server name matches the expected name. Thus localhost always gets translated under the covers to the computer name [not the username as you suggest in your question] (one of many confusing things ClickOnce does - one side effect of this is that if you want to set up 3 download servers, you need to do 3 separate publishes and/or script the publish like this) or like this. So this is not a surprise - it's always doing that under the covers.
The 407 error relates to proxy auth. This implies downloading is being diverted via a proxy such as Microsoft ISA Server. Have a look in your IE Internet Options Connections Proxy Settings and make sure its bypassing for local addresses [such as chrish].
The reason it's reporting success is that the upload likely uses an alternate mechanism than the verification does and isn't being routed via / blocked by the proxy. (The underlying problem is that the .NET framework does not by default pass proxy credentials and you'd need to either apply a config entry for devenv or whatever does the publish or have the build process call a test step with extra code that does send the proxy credentials](http://blogs.msdn.com/jpsanders/archive/2009/03/24/httpwebrequest-webexcepton-the-remote-server-returned-an-error-407-proxy-authentication-required.aspx). See also How should I set the default proxy to use default credentials?)
ClickOnce doesn't like "localhost", but you can work around that.
If you set the Publishing Folder Location to:
C:\inetpub\wwwroot\SampleApplication\
and the Installation Folder URL to:
http://chrish/SampleApplication/
(where "chrish" is the network name of your computer) then you can publish locally.

Resources