...
As an example, it is assumed you want to bind the HTTPS server to IP address
using port
(the default port for HTTPS connections). Change these values to suit your own requirements.
...
- Start the Microsoft Management Console (MMC) by typing from the command prompt window
- In the application that starts, go to File -> Add/Remove Snap-In...
- Select the Certificates snap-in in the left-hand panel
- Click to move it into the right-hand panel. Select Computer account when prompted, then , then again after selecting Local computer
- Close the Add or Remove Snap-ins window by pressing
- In the Console Root panel, select Certificates (Local Computer), then choose the Personal folder
- Locate your certificate and double-click on it to view its contents
- In the Details tab, scroll down and select the Thumbnail property Thumbprint property (usually at the bottom)
- In the preview window, copy the full thumbnail thumbprint and paste it into a text editor
- Use search and replace to remove the spaces. Keep this compacted thumbprint for the next stepsteps
Binding to an endpoint
...
| Info |
|---|
An endpoint is a combination of an IP address and a port number. In |
...
this example, the endpoint |
...
...
Having found the thumbprint for the certificate you want to use, you must now create a binding between that certificate and the endpoint that Echo will be listening on.
To see which endpoints are currently bound to which certificates, issue the following command:
...
| Code Block |
|---|
| title | Example output |
|---|
| theme | RDark |
|---|
| language | none |
|---|
|
SSL Certificate bindings:
-------------------------
IP:port : 192.168.0.179:443
Certificate Hash : 00112233445566778899aabbccddeeff00112233
Application ID : {aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}
Certificate Store Name : MY
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier :
Ctl Store Name :
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled
IP:port : 192.168.0.179:8443
Certificate Hash : 112233445566778899aabbccddeeff0011223344
Application ID : {00000000-1111-2222-3333-444444444444}
Certificate Store Name : (null)
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : (null)
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled |
The
is the thumbnail of the certificate that an endpoint is bound to.
...
| Code Block |
|---|
| title | Removing an existing binding |
|---|
| theme | RDark |
|---|
| language | none |
|---|
|
netsh http delete sslcert ipport=192.168.0.179:8443443
|
Once you are sure your endpoint is no longer bound to a certificate, add a new binding:
| Code Block |
|---|
| title | Adding a new binding |
|---|
| theme | RDark |
|---|
| language | none |
|---|
|
netsh http add sslcert ipport=192.168.0.179:8443443 certhash=0011223344556677889900112233445566778899 appid={ecc39c98-e826-4009-9401-2a5c6e7babbc}
|
The
parameter is the endpoint you want to bind.
The
is the thumbprint (certificate hash) of the SSL certificate you want to use
The
parameter is application-specific and should be set to a value of | Keywordmacro |
|---|
| Label | {ecc39c98-e826-4009-9401-2a5c6e7babbc} |
|---|
|
when used for the Echo application.Enabling HTTPS in Echo
Finally, you must set the protocol and port number in the
configuration file for Echo, as per the following example snippet:| Code Block |
|---|
| title | settings.xml |
|---|
| theme | RDark |
|---|
| language | html/xml |
|---|
|
...
<web>
<bindAddress>192.168.0.179</bindAddress>
<protocol>https</protocol>
<port>443</port>
<username>xxxxxxxxxx</username>
<password>xxxxxxxxxx</password>
</web>
... |
As with any manual change to the configuration file, the Echo application should be restarted for your changes to take effect.