Bind SSL certificate to 443 (on a server with no IIS installed)

 

This article describes how to bind a (self-signed) SSL certificate to port 443 when IIS is not installed. In this scenario a self-signed certificate is used to secure traffic between a dedicated Citrix StoreFront and XenDesktop controller.

Create & Import a Self-Signed Certificate

Find the certificate Hash

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\MY\Certificates
Example: EC8B11G5D64A8F4F3B7D8D70F7B2AD2F4E88042D1

Find Citrix Broker Service GUID

Add-PSSnapin Citrix.*
Get-BrokerSite
Example: 8abc1def-2ea8-3ab9-1144-de5r56e78234

Delete an existing certificate from port 443 (if necessary):

netsh http delete sslcert ipport=192.168.1.10:443

Bind certificate to 443

netsh http add sslcert ipport=<IP address>:<Port Number> certhash=<Certificate Hash Number> appid={<Citrix Broker Service GUID>}

Example: netsh http add sslcert ipport=192.168.1.10:443 certhash=EC8B11G5D64A8F4F3B7D8D70F7B2AD2F4E88042D1 appid={8abc1def-2ea8-3ab9-1144-de5r56e78234}
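
The steps above as one PowerShell script, added here as an example and not part of the original article. It reads the hash from Cert:\LocalMachine\My (the store behind the registry key shown earlier) and validates the inputs before binding. $Subject and $AppId are placeholders to replace; $IpPort is the article's sample address.

```powershell
# Added example, not from the original article. Run in an elevated PowerShell session.
# Assumptions: $Subject and $AppId are placeholders; replace them with your
# certificate's subject and the Citrix Broker Service GUID found above.
$IpPort  = '192.168.1.10:443'
$Subject = 'CN=<controller FQDN>'            # placeholder
$AppId   = '<Citrix Broker Service GUID>'    # placeholder

# Pick the unexpired certificate with the longest remaining validity.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $Subject -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No unexpired certificate with subject '$Subject' in LocalMachine\My." }

# HTTP.sys needs the private key; a certificate imported without one cannot serve TLS.
if (-not $cert.HasPrivateKey) { throw "Certificate $($cert.Thumbprint) has no private key." }

# certhash is the SHA-1 thumbprint: exactly 40 hexadecimal characters, no spaces.
$hash = $cert.Thumbprint
if ($hash -notmatch '^[0-9A-Fa-f]{40}$') { throw "Unexpected thumbprint format: '$hash'" }

# appid must parse as a GUID before it is handed to netsh.
$guid = [guid]::Empty
if (-not [guid]::TryParse($AppId, [ref]$guid)) { throw "AppId '$AppId' is not a valid GUID." }

# Delete an existing binding only if one is present
# (netsh sets a non-zero exit code when the lookup finds nothing).
netsh http show sslcert "ipport=$IpPort" | Out-Null
if ($LASTEXITCODE -eq 0) { netsh http delete sslcert "ipport=$IpPort" }

# Quote the appid argument: unquoted braces are parsed by PowerShell as a script block.
netsh http add sslcert "ipport=$IpPort" "certhash=$hash" "appid={$guid}"
if ($LASTEXITCODE -ne 0) { throw "netsh http add sslcert failed with exit code $LASTEXITCODE." }

# Confirm that the binding now references the intended certificate hash.
netsh http show sslcert "ipport=$IpPort"
```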

 
