The purpose of this article is to demonstrate how to use netsh http commands for SSL certificate management on Windows machines, specifically the netsh http show sslcert command. Netsh http can do HTTP functions other than certificate management, but those features are out of scope for this article.
Take note that in PowerShell you can drop into netsh and then into http by typing each part alone. This is especially useful if you are running multiple netsh http commands. netsh http show sslcert powershell is a common search term, which simply means the command is to be run in PowerShell.
Before adding or deleting an SSL certificate binding it’s useful or even required to first show the bindings. If you are looking for detailed instructions on how to add or delete an SSL certificate binding check out each of the following two articles.
netsh http show sslcert examples
The show sslcert command shows the SSL certificate bindings on an IP address and port. This is useful when determining which binding to update or remove the certificate on.
To show the SSL certificate bindings using netsh http run the following command:
netsh http show sslcert ipport=0.0.0.0:443
Parameters:
| Name | Description |
| --- | --- |
| ipport | Required. The IP address and port the certificate binding will be shown for. In this case, 0.0.0.0 means any IP address on the machine. This can be separated out by specific IPs and ports. If you do not specify ipport then all certificate bindings on the Windows machine will be shown. |
The output of the netsh show command may look similar to the following:
IP:port : 0.0.0.0:443
Certificate Hash : <cert_hash>
Application ID : {<app_id>}
Certificate Store Name : (null)
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : (null)
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled
Reject Connections : Disabled
Disable HTTP2 : Not Set
Disable QUIC : Not Set
Disable TLS1.2 : Not Set
Disable TLS1.3 : Not Set
Disable OCSP Stapling : Not Set
Disable Legacy TLS Versions : Not Set
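When several bindings exist, it helps to turn this text into objects and check each certificate hash against the certificate store before deciding which binding to update or remove. The following PowerShell is an added example, not part of the original article: the function name ConvertFrom-NetshSslCert is hypothetical, the sample hashes, GUIDs and the second binding are constructed, and it assumes a store name of (null) refers to the default LocalMachine\My store.

```powershell
# Added example: parse `netsh http show sslcert` text into one object per binding.
function ConvertFrom-NetshSslCert {
    param([string[]]$Lines)
    $fields = $null
    foreach ($line in $Lines) {
        # Fields look like "Name : Value". The name itself may contain a colon
        # ("IP:port"), so split on the first colon that has whitespace before it.
        if ($line -notmatch '^\s*(?<name>.+?)\s+:\s*(?<value>.*)$') { continue }
        $name  = $Matches['name']
        $value = $Matches['value'].Trim()
        # A field name ending in ":port" (IP:port on this page) starts a new binding.
        if ($name -match ':port$') {
            if ($null -ne $fields) { [pscustomobject]$fields }
            $fields = [ordered]@{}
        }
        if ($null -ne $fields) { $fields[$name] = $value }
    }
    if ($null -ne $fields) { [pscustomobject]$fields }
}

# Constructed sample in the layout shown above; the hashes and GUIDs are made up.
$sample = @'
SSL Certificate bindings:
-------------------------

    IP:port                      : 0.0.0.0:443
    Certificate Hash             : 1111111111111111111111111111111111111111
    Application ID               : {11111111-1111-1111-1111-111111111111}
    Certificate Store Name       : (null)

    IP:port                      : 10.0.0.5:8443
    Certificate Hash             : 2222222222222222222222222222222222222222
    Application ID               : {22222222-2222-2222-2222-222222222222}
    Certificate Store Name       : WebHosting
'@ -split '\r?\n'

# On a live machine, replace $sample with: (netsh http show sslcert)
ConvertFrom-NetshSslCert -Lines $sample | ForEach-Object {
    # Assumption: a store name of (null) means the default LocalMachine\My store.
    $store = if ($_.'Certificate Store Name' -eq '(null)') { 'My' } else { $_.'Certificate Store Name' }
    $cert  = Get-Item "Cert:\LocalMachine\$store\$($_.'Certificate Hash')" -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Binding  = $_.'IP:port'
        Hash     = $_.'Certificate Hash'
        Store    = $store
        NotAfter = if ($cert) { $cert.NotAfter } else { 'not found in store' }
    }
}
```

A binding reported as "not found in store" points at a certificate hash that no longer exists in that store, which makes it a candidate for the update or delete step.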
Conclusion
This article has demonstrated how to use netsh to show or display an SSL certificate binding on a Windows machine. It will display what IP address and port the certificate is bound to. Let us know in the comments if you have any questions or would like to see additional examples.