Monthly Archives: September 2014

Enabling SSL on a server endpoint in Windows

Enabling SSL on your server is very simple. It doesn't require any code changes, assuming your server is already listening on http and port 443.

Prerequisite:

  • On the server, install a server-side certificate (including its private key) that the client can verify, i.e. one that chains to a Trusted Root certificate installed on the client. This certificate should go into Certificates (Local Computer)\Personal\Certificates\. Also, make sure that the certificate's subject is issued for your URL, so that it matches the host name clients connect to.

The actual steps for configuring SSL on the server are very simple:

  1. From an elevated command line, run the following command to delete any previous binding for port 443 (obviously, the port can be different):
    netsh http delete sslcert ipport=0.0.0.0:443
  2. From an elevated command line, bind the certificate to the port:
    netsh http add sslcert ipport=0.0.0.0:443 certhash=YourCertHash appid={YOUR-APP-ID} certstorename=MY

The successful response to the first command is “SSL Certificate successfully deleted”, and to the second “SSL Certificate successfully added”. You can also list your SSL bindings with the following command:

netsh http show sslcert

At this point you should be good to go – make a call from the client to your server and SSL should be established.
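The prerequisite check and the two netsh steps can be combined into one PowerShell script. This is an added example, not part of the original post; the host name and application GUID are placeholders, and the name match is an exact comparison (assumption: not a wildcard certificate).

```powershell
#Requires -RunAsAdministrator
# Added example. $HostName and $AppId are placeholders (assumptions), not values from the post.
$HostName = 'server.example.com'                      # host name clients connect to
$IpPort   = '0.0.0.0:443'
$AppId    = '{00000000-0000-0000-0000-000000000000}'  # replace with your application's GUID

# Prerequisite: a certificate in Certificates (Local Computer)\Personal that has a
# private key, is inside its validity period, and is issued for the host name.
$now  = Get-Date
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object {
        $_.HasPrivateKey -and
        $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
        ($_.DnsNameList.Unicode -contains $HostName -or $_.Subject -like "*CN=$HostName*")
    } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw "No valid certificate with a private key for $HostName in LocalMachine\My"
}

# Chain validation on the server is only a hint: the client must trust the root as well.
if (-not $cert.Verify()) {
    Write-Warning "Certificate $($cert.Thumbprint) does not chain to a trusted root on this machine"
}

# Step 1: delete the previous binding. This fails harmlessly when no binding exists yet.
netsh http delete sslcert "ipport=$IpPort" | Out-Null

# Step 2: bind certificate and port. Thumbprint is the certhash as plain hex, without the
# spaces a value copied from the certificate dialog can carry. The appid argument is quoted
# because PowerShell would otherwise parse the braces as a script block.
netsh http add sslcert "ipport=$IpPort" "certhash=$($cert.Thumbprint)" "appid=$AppId" certstorename=MY
if ($LASTEXITCODE -ne 0) {
    throw "netsh http add sslcert failed with exit code $LASTEXITCODE"
}

# Show the resulting binding for this endpoint only.
netsh http show sslcert "ipport=$IpPort"
```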

Good luck and let me know if you run into issues!