Overview
Whenever a wildcard cert for one of our Alarmbiller domains is renewed, we need to update the thumbprint in Octopus to use that new cert on deployment. This makes sure that we cleanly keep a valid cert running in both our test environment and production environments. Cloud IT will be doing the actual procurement and install of the cert itself on the environment servers. Development will update the Octopus project.
Failing to do this before the next deployment will cause the old cert to be bound to the site. This could lead to problems both for users as well as integrations that rely on the cert being valid. It can be fixed but must be done by hand or redeployment once fixed.
Environments
We need to maintain the following environments:
- servicebiller.com - 10.0.0.55
- alarmbiller.com - 10.0.0.87
- sedonaone.com - 10.0.0.76
IT will need to notify Development when they update a cert on any of these environments. We will then update the Octopus projects.
Tracking
|
Environment |
Existing Thumbprint | Date Changed | Changed By |
| ServiceBiller.com | b3afda06f9573328e691d423de55a207e537e193 | 4/15/2021 | Toby Prescott |
| AlarmBiller.com | 2ace8c1c825b4135bb81e6be86b7967167d5550a | ||
| SedonaOne.com | e9a782faa7a6bbc5583d6c0b7c8b4bef0ee1ea4d | 4/15/2021 | Toby Prescott |
Octopus Update
Gather New Thumbprint
In order to update the project in Octopus, we first need the new Thumbprint. The easiest way to get this is by looking at the website for the respective product.
Then click on the lock icon and the certificate
Click on the Details tab and scroll down to the Thumbprint. Click on this and copy out the thumbprint for later.
Octopus Project Bindings
Octopus has defined projects for these environments. We are focused on two of them:
- SedonaOne Production
- SedonaOne Test
The easiest way to find these is to click on Projects and search for "sedonaone"
The examples below are for the production environment and sedonaone.com domain but it is the same for the others.
First, click on the project and then the process tab
We must update each IIS process to use the new thumbprint.
Click on the ABIIS1 process and expand the Bindings section under Features.
Scroll down to see the one or more bindings that will be created when this deployment process runs. You need to be VERY careful that you are updating the correct one.
First check the IP address against the domains listed in the Environment section above. Then check what is shown against the "Existing Thumbprint" listed in the Tracking section above. Once you are certain of one you are updating, click on that binding definition.
Scroll down to the SSL thumbprint and replace the value with the new one. Press Ok and Save
Once you have updated ALL of the IIS environments, Update the "Tracking" section of this document with the new Thumbprint. This is so that we can tell when it was done as well as match up entries the next time we do the update.
