Skip to end of metadata
Go to start of metadata
You are viewing an old version of this page. View the current version. Compare with Current ·  View Page History

This guide details the steps required to run the built-in web server of Echo over HTTPS rather than HTTP.

As an example, it is assumed you want to bind the HTTPS server to IP address 192.168.0.179 using port 8443.  Change these values to suit your own requirements.

Prerequisites

This guide presumes you have already installed your (valid) SSL certificate into the MY certificate store using the Local Machine account, since Echo runs as a system service in that context.

Start a command prompt with administrator privileges to perform the following steps:

Find the certificate thumbprint

First, use the MMC certificate snap-in to find your installed certificate:

  • Start the Microsoft Management Console (MMC) by typing mmc.exe from the command prompt window
  • In the application that starts, go to File -> Add/Remove Snap-In...
  • Select the Certificates snap-in in the left-hand panel
  • Click Add > to move it into the right-hand panel.  Select Computer account when prompted, then Finish, then Finish again after selecting Local computer
  • Close the Add or Remove Snap-ins window by pressing OK
  • In the Console Root panel, select Certificates (Local Computer), then choose the Personal folder
  • Locate your certificate and double-click on it to view its contents
  • In the Details tab, scroll down and select the Thumbnail property (usually at the bottom)
  • In the preview window, copy the full thumbnail and paste into a text editor to remove the spaces
  • Keep this thumbprint for the next step

Binding to an endpoint

The next step creates a binding between the SSL certificate you want to use with Echo, and the endpoint that Echo will be listening on.

An endpoint consists of an IP address and a port number.

List SSL certificates
Example output

Take a note of the "Certificate Hash" of the SSL certificate you want to use. This is known as the thumbprint.

Remove any existing binding to that certificate for the endpoint you want to use:

netsh http delete sslcert ipport=192.168.0.179:8443


netsh http show sslcert


netsh http add sslcert ipport=192.168.0.179:8443 certhash=0011223344556677889900112233445566778899 appid={ecc39c98-e826-4009-9401-2a5c6e7babbc}

Labels: