Using SSL Server Certificates

This section describes how to configure SSL server certificates.


Procedure: How to Add a Local System Account to the Certificates Console
  1. Open the Microsoft Management Console on your system. From the Windows Start menu, click Run and type mmc, as shown in the following image.

  2. Click OK.

    The Microsoft Management Console (Console1) opens, as shown in the following image.

  3. Click File and then select Add/Remove Snap-in from the menu.

    The Add or Remove Snap-ins dialog opens, as shown in the following image.

  4. In the Available snap-ins section, select Certificates and click Add.

    The Certificates snap-in dialog opens, as shown in the following image.

  5. Select Computer account and then click Next.

    The Select Computer dialog opens, as shown in the following image.

  6. Select Local Computer and then click Finish.

    You are returned to the Add or Remove Snap-ins dialog.

  7. Click OK.

    You are returned to the Microsoft Management Console (Console1).

  8. Click File and then select Save As from the menu to save the updated console settings.

Procedure: How to Install a Certificate to the Local System Account
  1. Open the Certificates console for the Local Computer storage option. For more information, see How to Add a Local System Account to the Certificates Console.

  2. Select a certificate store from the tree (for example, Trusted Root Certification Authorities or Personal).
  3. Select All Tasks, and then Import from the context menu.

    The Certificate Import Wizard opens, as shown in the following image.

  4. Click Next.

    The File to Import pane of the Certificate Import Wizard opens, as shown in the following image.

  5. In the File name field, provide the path to the certificate file (*.cer or *.pfx) on your file system and click Next.

    If you are importing a certificate in PFX format (*.pfx file), then the Password pane opens, as shown in the following image.

    You are prompted for the private key password for the certificate. Type a valid password and click Next.

    The Certificate Store pane of the Certificate Import Wizard opens, as shown in the following image.

  6. Accept the default values and click Next.

    The Completing the Certificate Import Wizard pane opens, as shown in the following image.

  7. Click Finish.

Procedure: How to Configure the Port With the SSL Certificate
  1. Open the Certificates console for the Local Computer storage option. For more information, see How to Add a Local System Account to the Certificates Console.

  2. Double-click on a certificate from the list.

    The Certificate dialog opens, as shown in the following image.

  3. Click the Details tab and select Thumbprint from the list of properties, as shown in the following image.

  4. Copy the thumbprint and paste it into a text editor. Remove all spaces.

    For example:

    4a8d631c5b0e9c79d2d1e61d91f671a7658ca66b
  5. Open a command prompt with administrator privileges.
  6. Type the following command on a single line, substituting your own values (for example, the port in ipport and the certificate thumbprint in certhash).
    netsh http add sslcert ipport=0.0.0.0:8080 certhash=777545b177144036f230b3265ad37099019858e5 appid={A5052882-CE73-4DE3-A3DF-2F749D517273} clientcertnegotiation=enable

    In this example, the port is 8080.

    You may receive the following type of error message:

    SSL Certificate add failed, Error: 1312. A specified logon session does not exist. It may already have been terminated.

    In this case, check the following:

    • Ensure that you run the console with administrator privileges.
    • Ensure that you installed the certificate to the Personal storage, and not Trusted Root Certification Authorities.
    • Ensure that the text "You have a private key that corresponds to this certificate" appears in the General tab, as shown in the following image.

      If this text does not appear, then verify that you imported a *.pfx file, and not a *.cer file.

  7. To delete an SSL certificate from a port, enter the following command:
    netsh http delete sslcert ipport=0.0.0.0:8080

    In this example, the port is 8080.

  8. To retrieve information about SSL certificates that are bound to ports, enter the following command:
    netsh http show sslcert
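
The checks listed under error 1312 can be run before the netsh call. The following PowerShell function is an added example, not part of the original documentation: it cleans the copied thumbprint, confirms that the certificate is in the Local Computer Personal store with a private key, and only then adds the binding. The function name Add-SslPortBinding and its parameters are hypothetical.

```powershell
# Added example: Add-SslPortBinding is a hypothetical helper, not an iWay or Windows command.
function Add-SslPortBinding {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,   # as copied from the Details tab
        [Parameter(Mandatory)] [ValidateRange(1, 65535)] [int] $Port,
        [Parameter(Mandatory)] [guid] $AppId
    )

    # Check 1: the session must be elevated.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from a prompt with administrator privileges.'
    }

    # Keep only hex digits: removes spaces and any invisible characters
    # picked up when copying the thumbprint from the certificate dialog.
    $hash = ($Thumbprint -replace '[^0-9a-fA-F]', '').ToLowerInvariant()
    if ($hash.Length -ne 40) {
        throw "Expected 40 hex digits in the thumbprint, got $($hash.Length)."
    }

    # Check 2: the certificate must be in the Local Computer Personal store.
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $hash }
    if (-not $cert) {
        $inRoot = Get-ChildItem -Path Cert:\LocalMachine\Root |
            Where-Object { $_.Thumbprint -eq $hash }
        if ($inRoot) { throw 'Certificate is in Trusted Root Certification Authorities, not Personal.' }
        throw "No certificate with thumbprint $hash in the Local Computer Personal store."
    }

    # Check 3: a certificate imported from a *.cer file has no private key.
    if (-not $cert.HasPrivateKey) {
        throw 'Certificate has no private key. Import the *.pfx file instead of the *.cer file.'
    }

    # Build the appid argument as one string so PowerShell does not parse the braces.
    $appIdArg = 'appid={' + $AppId.ToString() + '}'
    & netsh http add sslcert "ipport=0.0.0.0:$Port" "certhash=$hash" $appIdArg clientcertnegotiation=enable
    if ($LASTEXITCODE -ne 0) { throw "netsh exited with code $LASTEXITCODE." }
}

# Usage with the values from the example command in step 6:
# Add-SslPortBinding -Thumbprint '777545b177144036f230b3265ad37099019858e5' -Port 8080 -AppId 'A5052882-CE73-4DE3-A3DF-2F749D517273'
```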


iWay Software