SSL on Vista with WCF and Netsh (or retired httpcfg)

There are currently at least two ways to install a certificate into the http.sys stack:

a) By using Internet Manager
b) By using the NETSH tool

If you want to host the service in IIS7, then Internet Manager is the right option. In this post you can find a detailed description. However, if you want to use a self-hosted service (Windows service or console application), then the NETSH tool is the right solution for you.
For example, after you have created the SSL certificate for the site (application) by using Internet Manager, you can use NETSH to view the installed certificates.

Here is an example which shows all installed certificates:

>netsh http show sslcert

After executing it, the following result appears:

SSL Certificate bindings:

    IP:port                 :
    Certificate Hash        : f556668227fe55704d55de164a07989fe24008c0
    Application ID          : {4dc3e181-e14b-4a21-b022-59fc669b0914}
    Certificate Store Name  : MY
    Verify Client Certificate Revocation    : Enabled
    Verify Revocation Using Cached Client Certificate Only    : Disabled
    Usage Check    : Enabled
    Revocation Freshness Time : 0
    URL Retrieval Timeout   : 0
    Ctl Identifier          : (null)
    Ctl Store Name          : (null)
    DS Mapper Usage    : Disabled
    Negotiate Client Certificate    : Disabled

This is the site created in Internet Manager, which hosts the application with ID = {4dc3e181-e14b-4a21-b022-59fc669b0914} on the default port 443 and has a certificate installed with thumbprint (hash value) f556668227fe55704d55de164a07989fe24008c0.

If you want to install your own certificate on all IP addresses of the machine and port 999, use the following command:

>netsh http add sslcert ipport=0.0.0.0:999 certhash=5312693f53e6ba629dcc5c9c0dbbe6609672e9 appid={4EF5AB95-0A11-43b1-842C-51D56687CC79}

If you have trouble finding an appid, one solution is to create the application in Internet Manager and then stop it. Execute the show command described above and copy the application ID. Actually, it is not important how you install the certificate. If you do it with Internet Manager for a service which will be self-hosted, be sure that the IIS7 application is not running.
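
A way to check the bindings that `netsh http show sslcert` reports, as an added PowerShell example that is not part of the original post: it parses the output and verifies that each certificate hash is a 40-digit thumbprint, that the application ID is a braced GUID, and that the certificate exists in the named local machine store, has a private key and has not expired. The function names are hypothetical, and the sample text is constructed from the values printed in this post (the 0.0.0.0 addresses are assumptions).

```powershell
# Added example, not from the original post. Function names are hypothetical.
function ConvertFrom-NetshSslCert {
    param([string[]]$Lines)
    $records = New-Object System.Collections.Generic.List[object]
    $current = $null
    foreach ($line in $Lines) {
        # "Name : value" lines; "IP:port" has its own colon, so split at the first " :".
        if ($line -match '^\s+(?<name>.+?)\s+:\s*(?<value>.*)$') {
            if ($Matches['name'] -eq 'IP:port') {   # a new binding starts here
                $current = [ordered]@{}
                $records.Add($current)
            }
            if ($null -ne $current) { $current[$Matches['name']] = $Matches['value'].Trim() }
        }
    }
    $records
}
function Test-SslCertBinding {
    param($Binding)
    $problems = @()
    $hash = $Binding['Certificate Hash']
    if ($hash -notmatch '^[0-9a-fA-F]{40}$') { $problems += 'hash is not 40 hex digits' }
    $guidPattern = '^\{[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}$'
    if ($Binding['Application ID'] -notmatch $guidPattern) { $problems += 'appid is not a GUID' }
    # http.sys loads the certificate from the local machine store named in the binding.
    $store = "Cert:\LocalMachine\$($Binding['Certificate Store Name'])"
    if ($problems.Count -eq 0 -and (Test-Path $store)) {
        $cert = Get-ChildItem $store | Where-Object { $_.Thumbprint -eq $hash }
        if (-not $cert) { $problems += "certificate not found in $store" }
        elseif (-not $cert.HasPrivateKey) { $problems += 'certificate has no private key' }
        elseif ($cert.NotAfter -lt (Get-Date)) { $problems += 'certificate has expired' }
    }
    $problems
}
# Constructed sample built from the values printed in this post; the 0.0.0.0 addresses
# are assumptions. The second hash is the one from the add command, as printed.
$sample = @'
    IP:port                 : 0.0.0.0:443
    Certificate Hash        : f556668227fe55704d55de164a07989fe24008c0
    Application ID          : {4dc3e181-e14b-4a21-b022-59fc669b0914}
    Certificate Store Name  : MY
    IP:port                 : 0.0.0.0:999
    Certificate Hash        : 5312693f53e6ba629dcc5c9c0dbbe6609672e9
    Application ID          : {4EF5AB95-0A11-43b1-842C-51D56687CC79}
    Certificate Store Name  : MY
'@ -split '\r?\n'
foreach ($b in @(ConvertFrom-NetshSslCert $sample)) {
    $found = @(Test-SslCertBinding $b)
    '{0}: {1}' -f $b['IP:port'], $(if ($found.Count) { $found -join '; ' } else { 'OK' })
}
```

On a live machine, pass `(netsh http show sslcert)` to `ConvertFrom-NetshSslCert` instead of `$sample`. The field names matched here are the English ones shown above.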

Posted Jul 06 2008, 03:09 PM by Damir Dobric