Mister PKI

netsh http add sslcert

May 12, 2022 by Mister PKI

This article demonstrates how to use netsh http commands for SSL certificate management on Windows machines, specifically the netsh http add sslcert command. Netsh http also provides HTTP functions other than certificate management, but those features are out of scope for this article.

Note that in PowerShell you can drop into netsh and then into http by typing each part on its own. This is especially useful if you are running multiple netsh http commands.

netsh http update sslcert is another common search term that we want to address here. There is no update sslcert command; instead, the existing installed SSL certificate must first be removed and then added, which we demonstrate in the following examples.

More details on netsh http certificate management functions:

netsh http delete sslcert

netsh http show sslcert

netsh http add sslcert examples

The add sslcert command binds an SSL certificate to an IP address and port. This is useful when multiple applications that need TLS are running on different ports, as well as on a server that has multiple IP addresses.

To add an SSL certificate using netsh http, run the following command:

netsh http add sslcert ipport=0.0.0.0:443 certhash=your_cert_hash appid={00000000-0000-0000-0000-000000000000}

Parameters:

| Name | Description |
| --- | --- |
| ipport | Required. The IP address and port the certificate will be applied to. In this case, 0.0.0.0 means any IP address on the machine. This can be separated out by specific IPs and ports. |
| certhash | Required. The SHA hash of the certificate in hexadecimal format. Each certificate hash installed on the machine may be displayed by running dir Cert:\LocalMachine\My\ in PowerShell. |
| appid | Required. The GUID of the application being protected. |
| certstorename | Optional. The name of the certificate store the certificate is in. The default is MY. |
| verifyclientcertrevocation | Optional. Turn on or off certificate revocation checks. |
| verifyrevocationwithcachedclientcertonly | Optional. Turn on or off certificate revocation checks for cached client certificates. |
| usagecheck | Optional. Turn on or off usage check. Default is on. |
| revocationfreshnesstime | Optional. How often to check for an updated Certificate Revocation List (CRL). |
| urlretrievaltimeout | Optional. Timeout period for retrieval of CRL. |
| sslctlidentifier | Optional. Defines the list of trusted Certification Authorities (CA). This narrows the default list trusted by the OS. |
| sslctlstorename | Optional. The certificate store name under LOCAL_MACHINE. |
| dsmapperusage | Optional. Turn on or off DS mappers. Default is on. |
| clientcertnegotiation | Optional. Turn on or off the negotiation of certificates. Default is off. |

netsh http add sslcert appid is a common search term. The example above demonstrates the purpose and usage of the appid parameter.

netsh http add sslcert ipport is simply the beginning of the command, specifying the IP address along with the port, as demonstrated in the example above.

netsh http add sslcert hostnameport is another common search term. While it is recommended to use the ipport parameter instead of the hostnameport parameter, both are available options for binding the certificate to a specific hostname or IP address along with the port.

netsh http add sslcert the parameter is incorrect – If you get an error message stating that the parameter is incorrect, double-check the syntax of your parameters and values. If that still doesn’t work, try dropping into the netsh http prompt and then running add sslcert with the same parameters to fix the issue.
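
The remove-then-add sequence described above, as an added PowerShell example that is not part of the original article: it validates the certificate in LocalMachine\My before touching the binding and passes appid as a quoted argument so the braces reach netsh intact. The parameter names $Thumbprint, $IpPort and $AppId are this example's own, and it assumes an elevated session.

```powershell
# Added example: replace the certificate bound to an ip:port (delete, then add).
# Assumes an elevated PowerShell session. Parameter names are this example's own.
param(
    [Parameter(Mandatory)] [string] $Thumbprint,   # hash of the new certificate
    [string] $IpPort = '0.0.0.0:443',
    [guid]   $AppId  = '00000000-0000-0000-0000-000000000000'  # placeholder GUID from the article
)

# Keep only hex digits: a thumbprint copied from a certificate dialog can carry
# spaces or an invisible leading character.
$hash = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()

# Validate the certificate before touching the binding.
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $hash }
if (-not $cert)                    { throw "Certificate $hash not found in LocalMachine\My" }
if (-not $cert.HasPrivateKey)      { throw "Certificate $hash has no private key" }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate $hash expired on $($cert.NotAfter)" }

# Print the current binding, if any, so the old certhash and appid are on record.
netsh http show sslcert "ipport=$IpPort"

# There is no "update sslcert": remove the old binding, then add the new one.
# The delete reports an error when nothing is bound yet; that is ignored here.
netsh http delete sslcert "ipport=$IpPort" | Out-Null

# ToString('B') renders the GUID with braces; quoting the whole argument keeps
# PowerShell from interpreting the braces before netsh sees them.
$appIdArg = "appid=$($AppId.ToString('B'))"
netsh http add sslcert "ipport=$IpPort" "certhash=$hash" $appIdArg
if ($LASTEXITCODE -ne 0) { throw "netsh http add sslcert failed with exit code $LASTEXITCODE" }

# Confirm the new binding.
netsh http show sslcert "ipport=$IpPort"
```

Between the delete and the add the port has no certificate bound, which is why the certificate checks run first; if the add fails, the first show output holds the values needed to restore the previous binding.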

Conclusion

This article has demonstrated how to use netsh to add an SSL certificate to an IP, port, and application on a Windows machine. Let us know in the comments if you have any questions or would like to see additional examples.
