Binding certificates to SSL Ports for SignalR/StifleR


Last updated 2 years ago

Self-hosting under HttpListener is wonderful and completely self-contained, but one downside of not being integrated with IIS is that it is not aware of any certificates installed for IIS. This means that any certificate you want to use must be explicitly bound to a port. If you can use IIS certificates and need to acquire a full certificate for use with a self-hosted application, going through the IIS certificate process is the easiest way to get the certificate loaded. If you only require a certificate for local testing, the IIS self-signed certificate creation tool is an easy way to create one.

For now, let's assume that you already have a certificate installed into the Windows certificate store. In order to bind a certificate to the StifleR endpoint, you have to use the NETSH command line utility to register it on the machine (entered all on one line, split below for readability):

netsh http add sslcert ipport=0.0.0.0:1414 
appid={12345678-db90-4b66-8b01-88f7af2e36bf} 
certhash=cert_hash_thumbprint_goes_here

For every endpoint mapping you need to supply 3 values:

1. The ipport, which identifies the IP address and port

Specified as ipport=0.0.0.0:1414, where the zeros mean all IP addresses on port 1414. You can also specify a specific IP address if required.

2. An AppID, which is fixed for HttpListener hosting

This value is static, so always use appid={12345678-db90-4b66-8b01-88f7af2e36bf}

3. The certhash, which is the certificate's thumbprint

The certhash is the ID that maps the certificate to the IP endpoint above. You can view this hash in the properties of the certificate in the Windows certificate store. This is covered in the next section.

Once the above command has been run, you can check whether it was successful by displaying the binding as follows:

netsh http show sslcert ipport=0.0.0.0:1414

which should give you a display similar to the following:

Repeat the above procedure for port 9000 (or whichever other port is used for the Web API).
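The procedure above as a single script, added here as an example and not part of the StifleR documentation. It assumes an elevated PowerShell session and a certificate in the LocalMachine\My store; the parameter names and the pre-bind checks are illustrative.

```powershell
# Added example: validate the certificate, then bind and verify it on each port.
# Run from an elevated PowerShell prompt on the StifleR server.
param(
    # Thumbprint as copied from the certificate properties
    [Parameter(Mandatory)][string]$Thumbprint,
    # 1414 is the endpoint port used on this page; 9000 is the Web API port it mentions
    [int[]]$Ports = @(1414, 9000)
)

# AppID given on this page for HttpListener hosting
$AppId = '{12345678-db90-4b66-8b01-88f7af2e36bf}'

# Thumbprints copied from the certificate dialog often carry spaces or an
# invisible leading character, so keep the hex digits only.
$hash = ($Thumbprint -replace '[^0-9a-fA-F]', '').ToUpperInvariant()
if ($hash.Length -ne 40) {
    throw "Expected a 40-hex-digit thumbprint, got $($hash.Length) digits."
}

# The certificate must be in the machine store, with a private key, and unexpired.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $hash }
if (-not $cert) { throw "No certificate $hash in Cert:\LocalMachine\My." }
if (-not $cert.HasPrivateKey) { throw "Certificate $hash has no private key." }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }

foreach ($port in $Ports) {
    $ipport = "0.0.0.0:$port"

    # Quote appid: unquoted braces are parsed by PowerShell as a script block.
    & netsh http add sslcert "ipport=$ipport" "certhash=$hash" "appid=$AppId"
    if ($LASTEXITCODE -ne 0) {
        throw "netsh could not add the binding for $ipport (exit code $LASTEXITCODE)."
    }

    # Verify that the binding now shown for this port carries the same thumbprint.
    $shown = (& netsh http show sslcert "ipport=$ipport") -join "`n"
    if ($shown -notmatch $hash) {
        throw "Binding for $ipport does not show thumbprint $hash."
    }
    Write-Host "Bound $hash to $ipport"
}
```

If a port already has a binding, the add step fails; inspect it with `netsh http show sslcert` and remove it with `netsh http delete sslcert ipport=0.0.0.0:<port>` before re-running.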

Here's how to find the certhash