...
As an example, it is assumed you want to bind the HTTPS server to IP address
using port
(the default port for HTTPS connections). Change these values to suit your own requirements.
...
- Start the Microsoft Management Console (MMC) by typing from the command prompt window
- In the application that starts, go to File -> Add/Remove Snap-In...
- Select the Certificates snap-in in the left-hand panel
- Click to move it into the right-hand panel. Select Computer account when prompted, then , then again after selecting Local computer
- Close the Add or Remove Snap-ins window by pressing
- In the Console Root panel, select Certificates (Local Computer), then choose the Personal folder
- Locate your certificate and double-click on it to view its contents
- In the Details tab, scroll down and select the Thumbnail property Thumbprint property (usually at the bottom)
- In the preview window, copy the full thumbnail thumbprint and paste it into a text editor
- Use search and replace to remove the spaces. Keep this compacted thumbprint for the next stepsteps
Binding to an endpoint
...
Info |
---|
An endpoint is a combination of an IP address and a port number. In this example, the endpoint is . |
Having found the thumbprint for the certificate you want to use, you must now create a binding between that certificate and the endpoint that Echo will be listening on.
To see which endpoints are currently bound to which certificates, issue the following command:
...
Code Block |
---|
title | Example output |
---|
theme | RDark |
---|
language | none |
---|
|
SSL Certificate bindings:
-------------------------
IP:port : 192.168.0.179:443
Certificate Hash : 00112233445566778899aabbccddeeff00112233
Application ID : {aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}
Certificate Store Name : MY
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier :
Ctl Store Name :
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled
IP:port : |
The
is the thumbnail of the certificate that an endpoint is bound to.If a binding already exists for the endpoint you want to use, remove it with the following command:
Code Block |
---|
title | Removing an existing binding |
---|
theme | RDark |
---|
language | none |
---|
|
netsh http delete sslcert ipport=192.168.0.179:8443
Certificate Hash : 112233445566778899aabbccddeeff0011223344
Application ID : {00000000-1111-2222-3333-444444444444}
Certificate Store Name : (null)
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier 443
|
Once you are sure your endpoint is no longer bound to a certificate, add a new binding:
Code Block |
---|
title | Adding a new binding |
---|
theme | RDark |
---|
language | none |
---|
|
netsh http add sslcert ipport=192.168.0.179:443 certhash=0011223344556677889900112233445566778899 appid={ecc39c98-e826-4009-9401-2a5c6e7babbc}
|
The
parameter is the endpoint you want to bind.The is the thumbprint (certificate hash) of the SSL certificate you want to useThe parameter is application-specific and should be set to a value of Keywordmacro |
---|
Label | {ecc39c98-e826-4009-9401-2a5c6e7babbc} |
---|
|
when used for the Echo application.Enabling HTTPS in Echo
Finally, you must set the protocol and port number in the
configuration file for Echo, as per the following example snippet: Code Block |
---|
title | settings.xml |
---|
theme | RDark |
---|
language | html/xml |
---|
|
...
<web>
<bindAddress>192.168.0.179</bindAddress>
<protocol>https</protocol>
<port>443</port>
: (null)<username>xxxxxxxxxx</username>
Ctl Store Name <password>xxxxxxxxxx</password>
: (null)
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled |
Take a note of the "Certificate Hash" of the SSL certificate you want to use. This is known as the thumbprint.
Remove any existing binding to that certificate for the endpoint you want to use:
netsh http delete sslcert ipport=192.168.0.179:8443
...
As with any manual change to the configuration file, the Echo application should be restarted for your changes to take effect.