Self-hosting under HttpListener is wonderful and completely self-contained, but one of the downsides of not being integrated with IIS is that it cannot be aware of any certificates that are installed for IIS. This means that any certificates you want to use must be explicitly bound to a Port. If you can use IIS certificates and if you need to acquire a full certificate for use with a self-hosted application, going through the IIS certificate process is the easiest way to get the certificate loaded. If you require a certificate for local testing then it is quite easy to use the IIS self-signed certificate creation tool to create this component.
For now, let's assume that you already have a certificate installed into the Windows certificate store. In order to bind a certificate to the StifleR endpoint, you have to use the NETSH command line utility to register it on the machine (entered all on one line, split below for readability):
For every endpoint mapping you need to supply 3 values:
1. The ipport which identifies the ip and port
Specified as ipport=0.0.0.0:1414 where the zeros mean all ip addresses on port 1414. You can also specify a specific IP Address if required.
2. An AppID which is fixed for HttpListener Hosting
This value is static so always use appid={12345678-db90-4b66-8b01-88f7af2e36bf}
3. The certhash which is the Certificate's Thumbprint. Here's how to find the certhash
The certhash is the id that maps the certificate to the IP endpoint above. You can view this hash in the properties of the certificate in the Windows Certificate store. This is covered in the next section.
Once the above command has been run you can check if it was successful by checking the binding as follows:
which should give you a display similar to the following:
Repeat the above procedure for port 9000 (or other port used for the Web API)
Securing the StifleR SignalR endpoint is easy once you have your server certificate info. It is possible that StifleR may be installed on a server where IIS is NOT installed – for instance where the Dashboards are installed on a separate server. IIS is not a prerequisite for securing the StifleR Service.