Support multiple SSL bindings to Octopus Server using SNI
We happened to be hosting https://demo.octopusdeploy.com and https://demo.octopus.com using two difference certificates, but the Octopus Manager really only supports a single SSL binding - the last one in the script wins.
Here's an example of the script that worked using hostnameport instead of ipport:
"netsh.exe" http delete sslcert ipport=0.0.0.0:443
"netsh.exe" http add sslcert hostnameport=demo.octopus.com:443 appid={E2096A4C-2391-4BE1-9F17-E353F930E7F1} certhash=FAKE certstorename=My
"netsh.exe" http add sslcert hostnameport=demo.octopusdeploy.com:443 appid={E2096A4C-2391-4BE1-9F17-E353F930E7F1} certhash=FAKE certstorename=My
"C:\Program Files\Octopus Deploy\Octopus\Octopus.Server.exe" configure --instance "OctopusServer" --webForceSSL "True"
"C:\Program Files\Octopus Deploy\Octopus\Octopus.Server.exe" configure --instance "OctopusServer" --webListenPrefixes "http://demo.octopusdeploy.com/,http://demo.octopus.com/,https://demo.octopus.com/,https://demo.octopusdeploy.com/"
"C:\Program Files\Octopus Deploy\Octopus\Octopus.Server.exe" service --instance "OctopusServer" --stop --start
Michael Noonan
shared this idea
-
James Spibey
commented
This is something we'd also benefit from, right now we have to manually configure each SSL certificate on each server