Published Wednesday, July 19, 2006 8:02 AM by martin

SSL Bindings with Netsh.exe

Following on from my last post about netsh.exe, this one becomes important when you want a WCF service to listen at an https endpoint.  All this assumes you're running on Windows Vista.  Let's say you want to listen at...

https://localhost:8888/MyService

...and you've set up your binding appropriately to use transport security.

If you do nothing about configuring SSL for this endpoint, you'll get an exception saying "Could not establish trust relationship for the SSL/TLS secure channel with authority 'localhost:8888'."

To set up SSL for the endpoint, you'll first need a valid certificate that can be used for server authentication.  Determine its SHA1 hash (using the certificates mmc snap-in, or certmgr.exe, etc.).  Next, use netsh.exe as follows...

netsh http add sslcert ipport=0.0.0.0:8888 certhash=<your-hash-here> appid=<your-guid-here>

I must admit I'm still a little confused by the appid guid that you have to provide.  It doesn't seem to matter which I use - it will always work.  I suspect that http.sys is keeping a table of "application IDs" against which it records its SSL certificate bindings.  I'll update this when I find out :-)
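As an added worked example (not code from the original post), here is the same procedure scripted in PowerShell from an elevated prompt: pick the server certificate out of the machine store, take its thumbprint (the SHA1 hash netsh wants, with no spaces), generate the appid GUID, and bind it to port 8888. The store location, the subject `CN=localhost`, and the `$Port`/`$SubjectCn` parameter names are assumptions for the example.

```powershell
# Added example, not from the original post.
# Assumptions: the server certificate sits in Cert:\LocalMachine\My, its subject
# contains CN=localhost (the host name clients will use), and it has a private key.
# Run from an elevated PowerShell prompt; netsh http add sslcert needs admin rights.

param(
    [int]    $Port      = 8888,          # port from the post's example URL
    [string] $SubjectCn = 'CN=localhost' # assumed subject of the server certificate
)

$ipport = "0.0.0.0:$Port"

# 1. Pick a usable server certificate: matching subject, private key present,
#    not yet expired. Prefer the one that expires latest if several match.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object {
        $_.Subject -like "*$SubjectCn*" -and
        $_.HasPrivateKey -and
        $_.NotAfter -gt (Get-Date)
    } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw "No usable certificate matching '$SubjectCn' in Cert:\LocalMachine\My"
}

# The Thumbprint property is the SHA1 hash in the form netsh expects (hex, no spaces),
# so there is no need to copy it out of the certificates MMC snap-in by hand.
$certhash = $cert.Thumbprint

# 2. appid is a GUID that http.sys records alongside the binding. Any GUID works;
#    netsh insists on the surrounding braces.
$appid = "{$([guid]::NewGuid())}"

# 3. Clear any stale binding on this ip:port (errors are ignored if none exists),
#    then add the new one.
netsh http delete sslcert ipport=$ipport 2>$null | Out-Null

netsh http add sslcert ipport=$ipport certhash=$certhash appid=$appid
if ($LASTEXITCODE -ne 0) {
    throw "netsh http add sslcert failed with exit code $LASTEXITCODE"
}

# 4. Verify: the listing should show the thumbprint and the appid supplied above.
netsh http show sslcert ipport=$ipport
```

Two things worth checking once the binding is in place. First, `netsh http show sslcert ipport=0.0.0.0:8888` echoes the appid back, which is the visible effect of that GUID: http.sys stores it with the binding, and nothing in the WCF service has to match it. Second, the binding only takes care of the server side; the "Could not establish trust relationship" exception quoted above is raised by the client, so the certificate also has to chain to a root the client trusts and its subject has to match the host name in the address (`localhost` here), otherwise the client will still refuse the channel.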