
This guide details the steps required to run the built-in web server of Echo over HTTPS rather than HTTP.

As an example, it is assumed you want to bind the HTTPS server to IP address 192.168.0.179 using port 443 (the default port for HTTPS connections).  Change these values to suit your own requirements.

Prerequisites

This guide presumes you have already installed your (valid) SSL certificate into the MY certificate store using the Local Machine account, since Echo runs as a system service in that context.

Start a command prompt with administrator privileges to perform the following steps:

Find the certificate thumbprint

First, use the MMC certificate snap-in to find your installed certificate:

  • Start the Microsoft Management Console (MMC) by typing mmc.exe from the command prompt window
  • In the application that starts, go to File -> Add/Remove Snap-In...
  • Select the Certificates snap-in in the left-hand panel
  • Click Add > to move it into the right-hand panel.  Select Computer account when prompted, then Finish, then Finish again after selecting Local computer
  • Close the Add or Remove Snap-ins window by pressing OK
  • In the Console Root panel, select Certificates (Local Computer), then choose the Personal folder
  • Locate your certificate and double-click on it to view its contents
  • In the Details tab, scroll down and select the Thumbprint property (usually at the bottom)
  • In the preview window, copy the full thumbprint and paste it into a text editor
  • Use search and replace to remove the spaces.  Keep this compacted thumbprint for the next steps

Binding to an endpoint

An endpoint is a combination of an IP address and a port number.  In this example, the endpoint is 192.168.0.179:443.

Having found the thumbprint for the certificate you want to use, you must now create a binding between that certificate and the endpoint that Echo will be listening on.

To see which endpoints are currently bound to which certificates, issue the following command:

List current bindings
Example output

The Certificate Hash is the thumbprint of the certificate that an endpoint is bound to.

If a binding already exists for the endpoint you want to use, remove it with the following command:

Removing an existing binding

Once you are sure your endpoint is no longer bound to a certificate, add a new binding:

Adding a new binding

The ipport parameter is the endpoint you want to bind.
The certhash parameter is the thumbprint (certificate hash) of the SSL certificate you want to use.
The appid parameter is application-specific and should be set to a value of {ecc39c98-e826-4009-9401-2a5c6e7babbc} when used for the Echo application.
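
The binding steps above can also be run as one script from an elevated PowerShell prompt. This is an added example, not part of the original guide or of Echo: it uses the standard `netsh http show|delete|add sslcert` commands with the endpoint and appid from this page, and `$PastedThumbprint` is a placeholder you must replace with your own value.

```powershell
#Requires -RunAsAdministrator
# Added example: endpoint and appid are the values used in this guide.
$Endpoint         = '192.168.0.179:443'
$AppId            = '{ecc39c98-e826-4009-9401-2a5c6e7babbc}'
$PastedThumbprint = '<THUMBPRINT-COPIED-FROM-MMC>'   # placeholder, replace with your own

# Remove spaces and any invisible characters picked up when copying from the
# certificate dialog, leaving only the hex digits.
$Thumbprint = ($PastedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($Thumbprint.Length -ne 40) {
    throw "Expected a 40-digit hex thumbprint, got $($Thumbprint.Length) digits."
}

# Confirm the certificate really is in the Local Machine MY store and is usable
# for a server: it needs a private key and must not have expired.
$Cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $Cert)               { throw "No certificate $Thumbprint in LocalMachine\My." }
if (-not $Cert.HasPrivateKey) { throw 'Certificate has no private key in this store.' }
if ($Cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($Cert.NotAfter)." }

# Show the current binding for the endpoint. netsh exits non-zero when the
# endpoint has no binding, so only delete when one was found.
netsh http show sslcert "ipport=$Endpoint"
if ($LASTEXITCODE -eq 0) {
    netsh http delete sslcert "ipport=$Endpoint"
    if ($LASTEXITCODE -ne 0) { throw "Could not remove the existing binding on $Endpoint." }
}

# Add the new binding. The appid argument is quoted because PowerShell would
# otherwise treat the braces as a script block.
netsh http add sslcert "ipport=$Endpoint" "certhash=$Thumbprint" "appid=$AppId"
if ($LASTEXITCODE -ne 0) { throw "Could not bind certificate to $Endpoint." }

# Verify: the Certificate Hash shown must match the thumbprint above.
netsh http show sslcert "ipport=$Endpoint"
```

Check the final output before restarting Echo: if the Certificate Hash shown differs from your thumbprint, the endpoint is still serving a different certificate.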

Enabling HTTPS in Echo

Finally, you must set the protocol and port number in the settings.xml configuration file for Echo, as per the following example snippet:

settings.xml

As with any manual change to the configuration file, the Echo application should be restarted for your changes to take effect.
