Information regarding certificates

Using a certificate signed by a Certificate Authority

Please follow instructions from CA on how to install your certificate to your server if you have not already done so.

After making sure a valid certificate is installed, the user needs to figure the certificate Thumbprint to bind the certificate to the service, which is detailed below.

Instructions to look up Thumbprint of the certificate

  1. Open "mmc" in windows Run

    images/download/attachments/34551931/image2017-1-19_17-30-47.png
  2. Select File → Add/Remove Snap-ins

    images/download/attachments/34551931/image2017-1-19_17-32-45.png
  3. Add Certificates → Choose Computer Account → Click next → Click Finish → Click OK

  4. Navigate to whichever folder the certificate is installed in.

    images/download/attachments/34551931/image2017-1-19_17-38-57.png
  5. Double click the certificate and select Details tab and choose Show <All>
    images/download/attachments/34551931/image2017-1-19_17-41-31.png

  6. Get the Thumbprint info and use it as the 'Cert Hash'.

Using a self-signed certificate

  1. If using a certificate signed by a Certificate Authority, skip to Binding the certificate to the port and use the Thumbprint of your signed certificate as the value for 'Cert Hash'.
    Open a Command Prompt, running using administrator privileges and type the following command:

    certutil -store MY

    images/download/attachments/34551931/image2015-9-28_16_8_20.png

  2. Copy the value from the 'Cert Hash' field and remove the spaces (e.g. the edited hash should look like this ef8a0fc5620b621a54fb367f1e7ee45e1ba6d006)

  3. Generate a new GUID. One option would be to use the following online resource: https://www.guidgenerator.com/online-guid-generator.aspx (e.g. generated GUID should look like this {CDA52389-5954-44C2-8CF0-38062D1572F8})

Binding the certificate to the port

  1. Open a command prompt and run the following command. More info can be found here.

    netsh http add sslcert ipport=0.0.0.0:443 certhash=your_hash appid={your_guid}

    Replacing your_hash with the certificate hash and your_guid with the generated GUID (make sure the value of the GUID is surrounded by curly brackets - {}).
    e.g. netsh http add sslcert ipport=0.0.0.0:443 certhash=ef8a0fc5620b621a54fb367f1e7ee45e1ba6d006 appid={CDA52389-5954-44C2-8CF0-38062D1572F8}

    images/download/attachments/34551931/image2015-9-28_16_14_56.png

  2. Now you will need to enable HTTPS for the REST service.
    Similar to the previous steps, run the following command:

    netsh http add sslcert ipport=0.0.0.0:8000 certhash=your_hash appid={your_guid}

    Replace your_hash and your_guid with the same values from the previous step
    e.g. netsh http add sslcert ipport=0.0.0.0:8000 certhash=ef8a0fc5620b621a54fb367f1e7ee45e1ba6d006 appid={CDA52389-5954-44C2-8CF0-38062D1572F8}

    Note: If you are using PowerShell, you must enclose the appid in quotes.