How to Bind an SSL Certificate

Overview

Since P2 Server only supports HTTPS, it must be deployed to a Web Site with an HTTPS binding configured. The Default Web Site in IIS will not work.

This section assumes that you have deployed the SSL certificate and created an SSL website as part of the installation of P2 Security. If this is not the case, see Configuring SSL before proceeding.

For P2 Server to work correctly, the SSL certificate for your domain needs to be bound to two ports:

  • One to the SSL website in IIS (usually 443).
  • One for the ServicePort specified in the configuration file (defaults to 8080).

When setting up the website in IIS, the certificate will automatically be bound by IIS to the port configured for that website. However, there is no user interface to bind the certificate to the ServicePort, so this has to be done through the command line. The following command shows the current SSL bindings:

netsh http show sslcert

The command to bind a certificate to the port is:

netsh http add sslcert ipport=0.0.0.0:8080 certhash=f0fdac6d8dd1ea9dcec72bd33ed7cc1ccdc06008 appid={daf2e53d-2c3b-4fce-9d74-a5b618c52562}

Where:

  • ipport specifies the port to bind to. Note: It is recommended to use 0.0.0.0 for the IP address as this will bind to any IPv4 address.
  • appid is a GUID that can be used to identify the owning application.
  • certhash specifies the thumbprint of the certificate.

How to Get the Thumbprint (certhash)

  1. Open the Microsoft Management Console (Start > mmc.exe).
  2. In the Console Root, select Add/Remove Snap-in from the File menu (File > Add/Remove Snap-in).
  3. In the Add or Remove Snap-ins dialog box, click Certificates and then click Add, to move it to the Selected snap-ins.
    A message appears, asking which account to manage the snap-in for.
  4. Select Computer account, and then click Next.
  5. Select the Local computer, and then click Finish.
  6. Click OK.
  7. In the Console Root, expand the Certificates node, then expand the Personal node and click Certificates.

     
  8. Right-click on the SSL certificate issued to your domain (e.g. *.petroleumplace.com), and select Properties.
    Note: If there is no Details tab in the Properties dialog, double-click the certificate instead.
     
  9. Click the Details tab, and copy the Thumbprint value to the clipboard.
  10. Use this for the certhash value in the certificate binding command.

Instructions for Binding

Before proceeding, make sure you have the correct ipport value and the thumbprint (certhash) of your own certificate (see above). The appid can be copied from the example below.

  1. Open a command prompt.
  2. Bind the SSL certificate to the ServicePort by typing the following command:
     netsh http add sslcert ipport=0.0.0.0:8080 certhash=cd0a103f58b6e43c01254d6229ef5050cf189ea4 appid={daf2e53d-2c3b-4fce-9d74-a5b618c52562}

For more details on configuring a port with an SSL certificate, go to https://msdn.microsoft.com/en-us/library/ms733791(v=vs.110).aspx.
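
The thumbprint lookup and binding steps above can also be scripted from an elevated PowerShell prompt. The following is an added example, not part of the original page or the vendor's tooling. It cleans up a thumbprint pasted from the Details tab (which can carry spaces or invisible characters that make netsh reject it), checks the certificate in the Local Computer Personal store, and confirms the binding afterwards. The port and appid are the values shown on this page; the pasted thumbprint is the page's sample value and must be replaced with your own.

```powershell
#Requires -RunAsAdministrator
# Added example, not vendor code. Port and appid are the values shown on this page.
$Port   = 8080
$AppId  = '{daf2e53d-2c3b-4fce-9d74-a5b618c52562}'
# Thumbprint as pasted from the Details tab. This is the page's sample value, written
# with spaces as MMC may display it. Replace it with your own certificate's thumbprint.
$Pasted = 'cd 0a 10 3f 58 b6 e4 3c 01 25 4d 62 29 ef 50 50 cf 18 9e a4'

# Keep hex digits only: drops spaces and invisible characters picked up by the copy.
$Thumb = ($Pasted -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($Thumb.Length -ne 40) { throw "Expected 40 hex digits (SHA-1 thumbprint), got $($Thumb.Length)." }

# The certificate must be in Local Computer > Personal, unexpired, with its private key.
$Cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $Thumb }
if (-not $Cert)                    { throw "No certificate with thumbprint $Thumb in LocalMachine\My." }
if (-not $Cert.HasPrivateKey)      { throw "Certificate $Thumb has no private key; HTTPS cannot use it." }
if ($Cert.NotAfter -lt (Get-Date)) { throw "Certificate $Thumb expired on $($Cert.NotAfter)." }

# Do not overwrite an existing binding; 'netsh http add sslcert' fails if one is present.
$IpPort = "0.0.0.0:$Port"
netsh http show sslcert ipport=$IpPort | Out-Null
if ($LASTEXITCODE -eq 0) {
    throw "A binding already exists on $IpPort. Review it with: netsh http show sslcert ipport=$IpPort"
}

# Quote the appid argument: PowerShell would otherwise parse {...} as a script block.
netsh http add sslcert ipport=$IpPort certhash=$Thumb "appid=$AppId"
if ($LASTEXITCODE -ne 0) { throw "netsh failed with exit code $LASTEXITCODE." }

# Confirm the stored binding carries the intended thumbprint (-notmatch ignores case).
$Shown = netsh http show sslcert ipport=$IpPort | Out-String
if ($Shown -notmatch $Thumb) { throw "Binding on $IpPort does not show thumbprint $Thumb." }
"Bound $($Cert.Subject) to $IpPort"
```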

 
