This article describes how to bind a (self-signed) SSL certificate to port 443 when IIS is not installed. In this scenario a self-signed certificate is used to secure traffic between a dedicated Citrix StoreFront and XenDesktop controller.
Create & Import a Self-Signed Certificate
Find the certificate hash
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\MY\Certificates
Example: EC8B11G5D64A8F4F3B7D8D70F7B2AD2F4E88042D1
Find Citrix Broker Service GUID
Add-PSSnapin Citrix.*
Get-BrokerSite
Example: 8abc1def-2ea8-3ab9-1144-de5r56e78234
Delete an existing certificate from port 443 (if necessary):
netsh http delete sslcert ipport=192.168.1.10:443
Bind the certificate to port 443
netsh http add sslcert ipport=<IP address>:<Port Number> certhash=<Certificate Hash Number> appid={<Citrix Broker Service GUID>}
Example: netsh http add sslcert ipport=192.168.1.10:443 certhash=EC8B11G5D64A8F4F3B7D8D70F7B2AD2F4E88042D1 appid={8abc1def-2ea8-3ab9-1144-de5r56e78234}
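The bind step above, wrapped in checks that catch a mistyped hash or an unusable certificate before netsh is called. This is an added example, not part of the original article. The parameter names are hypothetical, and it assumes an IPv4 address and a certificate in the Local Machine Personal (MY) store.

```powershell
#Requires -RunAsAdministrator
# Added example: parameter names are hypothetical; supply your own values.
param(
    [Parameter(Mandatory)] [string]    $Thumbprint,  # certificate hash
    [Parameter(Mandatory)] [guid]      $AppId,       # Citrix Broker Service GUID
    [Parameter(Mandatory)] [ipaddress] $IpAddress,   # IPv4 address to bind (assumption)
    [ValidateRange(1, 65535)] [int]    $Port = 443
)

# Drop whitespace and non-printable/non-ASCII characters that copy-and-paste
# can carry along, then require exactly 40 hex digits (a SHA-1 hash).
$hash = ($Thumbprint -replace '[^\x21-\x7E]', '').ToUpperInvariant()
if ($hash -notmatch '^[0-9A-F]{40}$') {
    throw "Certificate hash must be 40 hexadecimal characters, got '$hash'."
}

# The certificate must be in the Local Machine Personal (MY) store,
# carry a private key, and be inside its validity period.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $hash }
if (-not $cert) { throw "No certificate with hash $hash in Cert:\LocalMachine\My." }
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key; it cannot serve TLS.' }
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

$ipport = '{0}:{1}' -f $IpAddress, $Port
$appArg = 'appid=' + $AppId.ToString('B')   # 'B' format adds the braces netsh expects

# Pass each argument as one string so PowerShell does not parse the braces.
& netsh http add sslcert "ipport=$ipport" "certhash=$hash" $appArg
if ($LASTEXITCODE -ne 0) {
    throw "netsh failed (exit code $LASTEXITCODE). If a binding already exists on $ipport, delete it first."
}

# Show the resulting binding so the hash and application ID can be checked.
& netsh http show sslcert "ipport=$ipport"
```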