3

I am trying to deploy some MVC4 web apps with secure bindings on Windows Server 2008R2 and WiX 3.6 (stable)

I am desperately trying to get this to work without resorting to writing a follow-up powershell script or my own custom action.

The WiX iis:Certificate extension wants to install the certificate for me first before I can use it. That's not going to work in a production environment. The certificate is not going to be available to the installer at any time in .cer or .pfx form. It will already be deployed on the target machine in the localMachine/my store where you'd normally go when installing manually with the IIS7 snap-in. I will want the installer to be able to reference it by supplying any of the following: thumbprint, Friendly id or perhaps find it matching the web site host header binding pattern.

Is there any way of referencing a pre-installed certificate in WiX script without having the original .pfx file and password at build time or install time? (I got these last two scenarios working fine in test, but it isn't what the client wants).

Thanks.

Simon
  • 58
  • 1
  • 7

2 Answers2

3

I had a similar requirement to you so I wrote a post about it: http://manyrootsofallevilrants.blogspot.co.uk/2013/07/assign-certificate-set-https-binding.html

ManyRootsofAllEvil
  • 513
  • 7
  • 23
  • This is very similar to what I actually ended up doing. I just used the certificate friendly name. Thanks! – Simon Oct 10 '14 at 12:56
0

Well it's been a while since I posted this.

Since then, I got on with it and wrote a custom action in C# to do the heavy lifting. Powershell didn't seem to give me the control of failure modes that I needed.

I can't post the code - since it belongs to my client, but I can say that I used Microsoft.Web.Administration in a similar way to that described in this question: Programatically Import Cert Into IIS. I hope that helps. It wasn't the answer I wanted, but it did solve the problem.

Community
  • 1
  • 1
Simon
  • 58
  • 1
  • 7