The purpose of this article is to demonstrate how to use netsh http commands for SSL certificate management on Windows machines, specifically the netsh http delete sslcert command. Netsh http can perform HTTP functions other than certificate management, but those features are out of scope for this article.
Note that in PowerShell you can drop into netsh and then into http by typing each part on its own. This is especially useful if you are running multiple netsh http commands. Before adding an SSL certificate to an IP address and/or port, any certificate already bound there must first be deleted using the command demonstrated below.
While this article will focus on deleting SSL certificates with netsh, the following articles will demonstrate other certificate management functions with netsh.
netsh http delete sslcert examples
The delete sslcert command will unbind an SSL certificate from an IP address and port.
To remove an SSL certificate using netsh http, run the following command:
netsh http delete sslcert ipport=0.0.0.0:443
| Parameter | Description |
|---|---|
| ipport | Required. The IP address and port the certificate will be removed from. In this case, 0.0.0.0 means any IP address on the machine. This can be separated out by specific IPs and ports. |
netsh http delete sslcert hostnameport is a common search term. While it is recommended to use the ipport instead of the hostnameport parameter, both are available options for unbinding the certificate from a specific hostname or IP address along with the port.
netsh http remove sslcert is another common search term. “delete” is the command and not “remove”.
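The following PowerShell script is an added example, not part of the original article: it records the existing binding (certificate hash and application ID) before running the delete command above, then confirms the binding is gone. It assumes an elevated session and English-language netsh output; the parameter names and backup path are hypothetical choices.

```powershell
# Added example (not from the original article). Run from an elevated PowerShell session.
# Assumes English-language netsh output; $BackupPath is a hypothetical location.
param(
    [string]$IpPort     = '0.0.0.0:443',
    [string]$BackupPath = "$env:TEMP\sslcert-binding-backup.txt"
)

# 1. Capture the current binding so the certificate hash and application ID
#    are on record before anything is removed.
$before = netsh http show sslcert "ipport=$IpPort"
if ($LASTEXITCODE -ne 0 -or -not ($before -match 'Certificate Hash')) {
    Write-Warning "No SSL certificate binding found for $IpPort; nothing to delete."
    return
}
$before | Set-Content -Path $BackupPath

# Extract the two values needed to re-create the binding later with "add sslcert".
$hashLine  = $before | Select-String 'Certificate Hash\s*:\s*(\S+)' | Select-Object -First 1
$appIdLine = $before | Select-String 'Application ID\s*:\s*(\S+)'   | Select-Object -First 1
$hash  = $hashLine.Matches[0].Groups[1].Value
$appId = $appIdLine.Matches[0].Groups[1].Value
Write-Host "Removing binding on $IpPort (hash $hash, appid $appId)"

# 2. Unbind the certificate from the IP address and port.
netsh http delete sslcert "ipport=$IpPort"
if ($LASTEXITCODE -ne 0) {
    throw "netsh http delete sslcert failed for $IpPort (exit code $LASTEXITCODE)."
}

# 3. Confirm the binding is gone before anything else is bound to this endpoint.
$after = netsh http show sslcert "ipport=$IpPort"
if ($after -match 'Certificate Hash') {
    throw "Binding for $IpPort is still present after delete."
}
Write-Host "Binding removed. Previous details saved to $BackupPath"
```

Keeping the saved hash and application ID makes it possible to restore the previous binding if the replacement certificate turns out to be wrong.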
This article has demonstrated how to use netsh to delete an SSL certificate from an IP and port on a Windows machine. Let us know in the comments if you have any questions or would like to see additional examples.