Server certificate setup for HTTPS
- Last UpdatedJun 03, 2026
- 2 minute read
Procure a certificate based on the Web server template from a valid Certificate Authority (CA). The server certificate's subject name must match the host name of the daemon server machine, as specified in the Rhost field when creating a location.
After installing the server certificate, you must bind it to the IP address and port number used for the HTTPS endpoint for each location. First, check existing bindings, then use the netsh command in an administrator command prompt. See the following procedures for more information.
Check exisiting bindings
First, check if a certificate is already bound to the IP address and port you intend to use. To do this:
-
Open an administrator command prompt.
-
Enter netsh http show sslcert.
The current certificate bindings are listed.

Delete an existing certificate binding
-
Open Command Prompt in Administrator mode.
-
Enter the command statement:
netsh http delete sslcert ipport=<IP address>:<port number>

Here, 0.0.0.0 is the IP address and translates to machine name, and 8009 is the port number to be cleared for use as an HTTPS communication.
Add a certificate binding
-
Open Command Prompt in Administrator mode.
-
Enter the command statement:
netsh http add sslcert ipport=0.0.0.0:<port> certhash=<certificate thumbprint> appid=netsh.

You can find the certificate’s thumbprint in the Personal folder in MMC under the Details tab. Scroll to the bottom of the list to locate the thumbprint.

The appid parameter is a GUID that identifies the owning application.
Note: As a guide, you can enter any random GUID that works for your configuration and it will function correctly. For example: netsh http add sslcert ipport=0.0.0.0:8009 certhash=8b89057c9a63374b3ef2fa263200fb83c64ca105 appid={0e1409bd-eee7-4bcd-a52e-8c6c78569e2f}.
For more information about configuring a certificate with ports from Microsoft, refer to How to: Configure a Port with an SSL Certificate in the Microsoft Learn documentation.