How to: Configure a Port with an SSL Certificate in Windows Vista or Windows 7

Step 1: Create a certificate

You create a certificate using the makecert tool. This tool is available by installing any of the following:

    Microsoft® Visual Studio 2005 (all editions except Express)
    Microsoft® Visual Studio 2008 (all editions except Express)
    Microsoft® Visual Studio 2010 (all editions except Express)

    Microsoft® Windows® Software Development Kit Update for Windows Vista™

After installing one of the above, open a Visual Studio 2005/2008/2010 Command Prompt. To create the certificate,
run the makecert tool with the following switches:

  • the -r switch enables self-signing
  • the -pe switch marks the generated private key as exportable
  • the -n switch sets the certificate subject name
  • the -ss switch sets the subject's certificate store name to "My"
  • the -sr switch sets the subject's certificate store location to "localMachine"
  • the -sky switch sets the subject key type to "exchange"

Your command should look like this:

makecert -r -pe -n "CN=localhost" -ss my -sr localMachine -sky exchange

Step 2: Make the certificate trusted

You use the Microsoft Management Console Certificates snap-in to copy the newly created certificate from the localmachine\Personal\Certificates folder into the localmachine\Trusted Root Certification Authorities\Certificates folder.

Open the Certificates MMC snap-in as follows: 

  1. Select Start->Run
  2. Type mmc, then click OK
  3. Select File->Add/Remove Snap-in
  4. Click Add
  5. Select Certificates in the Available snap-ins list, then click Add
  6. Select Computer Account, then click Next
  7. Click Finish
  8. Click OK to close the dialogs and return to the MMC console

In the MMC console, navigate to the Personal\Certificates folder. Copy the localhost certificate created in Step 1 to the Trusted Root Certification Authorities\Certificates folder.

Step 3: Associate the certificate with a port

In the Microsoft Management Console, open the localhost certificate. Click the Details tab and select Thumbprint. Copy the Thumbprint hash key (visible in the lower pane) to the clipboard. Then run the following command, supplying the thumbprint as the certhash value:

netsh http add sslcert ipport=0.0.0.0:8000 certhash=0000000000003ed9cd0c315bbb6dc1c08da5e6 appid={00112233-4455-6677-8899-AABBCCDDEEFF}

  • The certhash parameter specifies the thumbprint of the certificate.
  • The ipport parameter specifies the IP address and port.
  • The appid parameter is a GUID that can be used to identify the owning application.
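
The thumbprint lookup and port binding from Step 3 can also be scripted. The following PowerShell is an added example, not part of the original post; it assumes an elevated prompt, the CN=localhost subject and port 8000 used above, and reuses the article's sample appid GUID. ConvertTo-CertHash is a hypothetical helper name.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
# Assumptions: subject CN=localhost and port 8000 as in the steps above;
# $appId is the sample GUID from the article (replace it with your application's own GUID).
$subject = 'CN=localhost'
$ipPort  = '0.0.0.0:8000'
$appId   = '{00112233-4455-6677-8899-AABBCCDDEEFF}'

function ConvertTo-CertHash([string]$Thumbprint) {
    # A thumbprint pasted from the MMC Details tab contains spaces and may carry
    # invisible characters; keep only the hex digits before handing it to netsh.
    $hex = [regex]::Replace($Thumbprint, '[^0-9A-Fa-f]', '')
    if ($hex.Length -ne 40) {
        throw "Expected a 40-digit SHA-1 thumbprint, got $($hex.Length) hex digits."
    }
    return $hex.ToLower()
}

# Read the thumbprint straight from the LocalMachine\My store instead of the clipboard.
$certs = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $subject -and $_.HasPrivateKey })
if ($certs.Count -ne 1) {
    throw "Found $($certs.Count) certificates with subject $subject and a private key; expected exactly 1."
}
$certHash = ConvertTo-CertHash $certs[0].Thumbprint

# Quote each argument so PowerShell passes the braces in appid through unchanged.
& netsh http add sslcert "ipport=$ipPort" "certhash=$certHash" "appid=$appId"
if ($LASTEXITCODE -ne 0) {
    throw "netsh http add sslcert failed with exit code $LASTEXITCODE."
}

# Show the binding now registered for this endpoint.
& netsh http show sslcert "ipport=$ipPort"
```

The script stops if more than one CN=localhost certificate with a private key is present, which happens when Step 1 has been run several times; remove the stale certificates before binding.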

posted on 2011-07-18 15:54  jmbkeyes