This guide details the steps required to run the built-in web server of Echo over HTTPS rather than HTTP.

As an example, it is assumed you want to bind the HTTPS server to IP address 192.168.0.179 using port 8443.  Change these values to suit your own requirements.

Prerequisites

This guide presumes you have already installed your (valid) SSL certificate into the  certificate store using the account, since Echo runs as a system service in that context.

List SSL certificates

First, list all SSL certificates installed in the local machine account:

 
netsh http show sslcert
 

This produces a list as follows:

SSL Certificate bindings:
-------------------------
    IP:port                 : 192.168.0.179:443
    Certificate Hash        : 00112233445566778899aabbccddeeff00112233
    Application ID          : {aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}
    Certificate Store Name  : MY
    Verify Client Certificate Revocation    : Enabled
    Verify Revocation Using Cached Client Certificate Only    : Disabled
    Usage Check    : Enabled
    Revocation Freshness Time : 0
    URL Retrieval Timeout   : 0
    Ctl Identifier          :
    Ctl Store Name          :
    DS Mapper Usage    : Disabled
    Negotiate Client Certificate    : Disabled

    IP:port                 : 192.168.0.179:8443
    Certificate Hash        : 112233445566778899aabbccddeeff0011223344
    Application ID          : {00000000-1111-2222-3333-444444444444}
    Certificate Store Name  : (null)
    Verify Client Certificate Revocation    : Enabled
    Verify Revocation Using Cached Client Certificate Only    : Disabled
    Usage Check    : Enabled
    Revocation Freshness Time : 0
    URL Retrieval Timeout   : 0
    Ctl Identifier          : (null)
    Ctl Store Name          : (null)
    DS Mapper Usage    : Disabled
    Negotiate Client Certificate    : Disabled

Take a note of the "Certificate Hash" of the SSL certificate you want to use. This is known as the thumbprint.

Remove any existing binding to that certificate for the endpoint you want to use:

netsh http delete sslcert ipport=192.168.0.179:8443


netsh http show sslcert


netsh http add sslcert ipport=192.168.0.179:8443 certhash=0011223344556677889900112233445566778899 appid={ecc39c98-e826-4009-9401-2a5c6e7babbc}