Shulou(Shulou.com)06/01 Report--

SSL Certificate Port Guide

What is the SSL port?

SSL (Secure Sockets Layer secure Sockets layer) and its successor Transport layer Security (Transport Layer Security,TLS) are security protocols that provide security and data integrity for network communications. TLS and SSL encrypt the network connection at the transport layer.

The SSL port refers to the secure socket layer, and its port number is 443.

How to configure a port using a SSL certificate (take NET Framework (current version)) as an example

In Windows Vista, use the Netsh.exe tool to view the current port configuration, as shown in the following example.

Netsh http show SSLcert

Obtain the fingerprint of the certificate

Use the Certificate MMC snap-in to find the X.509 certificate used for client authentication. For more information, see how to: view certificates using the MMC snap-in.

The fingerprint of the access certificate. For more information, see how to: retrieve the fingerprint of a Certificate.

Copy the certificate fingerprint to a text editor, such as Notepad.

Removes all spaces between hexadecimal characters. One way to do this is to use the find and replace feature of the text editor to replace each space with an empty character.

Bind the SSL certificate to the port number

In Windows Server 2003 or Windows XP, use the "set" command of the HttpCfg.exe tool to bind the certificate to the port number for the secure socket layer (SSL) store. The tool uses fingerprint identification certificates, as shown in the following example.

Httpcfg set SSL-I 0.0.0.0 8012-h 0000000000003ed9cd0c315bbb6dc1c08da5e6

The syntax of the-I switch is IP:port, which instructs the tool to set the certificate to the computer's port 8012. Alternatively, the four zeros before the port number can be replaced with the actual IP address of the computer.

The-h switch specifies the fingerprint of the certificate.

Use the Netsh.exe tool in Windows Vista, as shown in the following example.

Netsh http add SSLcert ipport=0.0.0.0:8000 certhash=0000000000003ed9cd0c315bbb6dc1c08da5e6 appid= {00112233-4455-6677-8899-AABBCCDDEEFF}

The certhash parameter specifies the fingerprint of the certificate.

The ipport parameter specifies the IP address and port, which is similar to the-I switch of the previous Httpcfg.exe tool.

The appid parameter is the GUID that can be used to identify the application to which it belongs.

Bind SSL certificates to port numbers and support client certificates

In Windows Server 2003 or Windows XP, to support clients that authenticate with X.509 certificates at the transport layer, follow the previous steps, but pass an additional command line argument to HttpCfg.exe, as shown in the following example.

Httpcfg set SSL-I 0.0.0.0 8012-h 0000000000003ed9cd0c315bbb6dc1c08da5e6-f 2

The syntax of the-f switch is n, where n is a number between 1 and 7. A value of 2 enables the client certificate at the transport layer, as shown in the example above. A value of 3 enables client certificates and maps them to Windows accounts. See the HttpCfg.exe help for the behavior of other values.

In Windows Vista, to support clients that use X.509 certificates for authentication at the transport layer, follow the previous steps, but provide an additional parameter, as shown in the following example.

Netsh http add SSLcert ipport=0.0.0.0:8000 certhash=0000000000003ed9cd0c315bbb6dc1c08da5e6 appid= {00112233-4455-6677-8899-AABBCCDDEEFF} clientcertnegotiation=enable

Delete the SSL certificate for the port number

Use the HttpCfg.exe or Netsh.exe tool to view the ports on your computer and the fingerprints of all bindings. To output information to disk, use the redirect character ">", as shown in the following example.

Httpcfg query SSL > myMachinePorts.txt

In Windows Server 2003 and Windows XP, use the HttpCfg.exe tool and the delete and SSL keywords. Use the-I switch to specify the IP:port number and the-h switch to specify the fingerprint.

Httpcfg delete SSL-I 0.0.0.0 8005-h 0000000000003ed9cd0c315bbb6dc1c08da5e6

Use the Netsh.exe tool in Windows Vista, as shown in the following example.

Netsh http delete SSLcert ipport=0.0.0.0:8005

Global trusted CA institutions

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.