Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Start the Microsoft Management Console (MMC) by typing 
    Keywordmacro
    Labelmmc.exe
    from the command prompt window
  • In the application that starts, go to File -> Add/Remove Snap-In...
  • Select the Certificates snap-in in the left-hand panel
  • Click
    Buttonmacro
    LabelAdd >
    to move it into the right-hand panel.  Select Computer account when prompted, then
    Buttonmacro
    LabelFinish
    , then
    Buttonmacro
    LabelFinish
     again after selecting Local computer
  • Close the Add or Remove Snap-ins window by pressing
    Buttonmacro
    LabelOK
  • In the Console Root panel, select Certificates (Local Computer), then choose the Personal folder
  • Locate your certificate and double-click on it to view its contents
  • In the Details tab, scroll down and select the Thumbnail property Thumbprint property (usually at the bottom)
  • In the preview window, copy the full thumbnail thumbprint and paste it into a text editor
  • Use search and replace to remove the spacesKeep this compacted thumbprint for the next stepsteps

Binding to an endpoint

...

Info

An endpoint is a combination of an IP address and a port number.  In

...

this example, the endpoint

...

is

Keywordmacro
Label192.168.0.179:443
.

Having found the thumbprint for the certificate you want to use, you must now create a binding between that certificate and the endpoint that Echo will be listening on.

To see which endpoints are currently bound to which certificates, issue the following command:

Code Block
titleList current bindings
themeMidnight
languagepowershell
 
 netsh http show sslcert
 
Code Block
titleExample output
themeRDark
languagenone
 
 SSL Certificate bindings:
 -------------------------
    IP:port                 : 192.168.0.179:443
    Certificate Hash        : 00112233445566778899aabbccddeeff00112233
    Application ID          : {aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}
    Certificate Store Name  : MY
    Verify Client Certificate Revocation    : Enabled
    Verify Revocation Using Cached Client Certificate Only    : Disabled
    Usage Check    : Enabled
    Revocation Freshness Time : 0
    URL Retrieval Timeout   : 0
    Ctl Identifier          :
    Ctl Store Name          :
    DS Mapper Usage    : Disabled
    Negotiate Client Certificate    : Disabled
 

...

Code Block
titleRemoving an existing binding
themeRDark
languagenone
 
 netsh http delete sslcert ipport=192.168.0.179:443
 

...

Code Block
titleAdding a new binding
themeRDark
languagenone
 
 netsh http add sslcert ipport=192.168.0.179:443 certhash=0011223344556677889900112233445566778899 appid={ecc39c98-e826-4009-9401-2a5c6e7babbc}
 

...

Code Block
titlesettings.xml
themeRDark
languagehtml/xml
 ...
    <web>
        <bindAddress>192.168.0.179</bindAddress>
        <protocol>https</protocol>
        <port>443</port>
        <username>xxxxxxxxxx</username>
        <password>xxxxxxxxxx</password>
    </web>
 ...

As with any manual change to the configuration file, the Echo application should be restarted for your changes to take effect.