Appendix B:Finding the CertHash

To find the certhash, you need to find the certificate's ThumbPrint which can be found in a couple of ways using either of the following:

The IIS Certificate Manager
The Windows Certificate Storage Manager

Using IIS to get the Certificate Info

If IIS is installed, then this is the easier option. From here you can easily see all installed certificates. The UI is also the easiest way to create local self-signed certificates.

To look up an existing certificate, simply bring up the IIS Management Console, select the Computer Name, and select Server Certificates:

You can see the certificate hash in the "Certificate Hash" column. You can also double-click and open the certificate and go in the Details tab the certificate. Look for the thumbprint which contains the hash.

Unfortunately, it is difficult to copy the hash from either of these interfaces, so you either have to copy it manually or remove the spaces from the thumbprint data in the dialog after copying it.

Note: When copying the thumbprint from Certificate Manager in the details window, a hidden character may get copied at the start. You can check this by using the cursor to move through it - delete it if it's there! Leaving it in can cause the "The Parameter is Incorrect" message despite everything looking fine at the command prompt.

PreviousUsing a full IIS Certificate NextStifleR Client Access Control Options

Last updated 20 days ago