add sslcert

Adds a new Secure Sockets Layer (SSL) server certificate binding and the corresponding client certificate policies for an IP address and port.


add sslcert [ipport=]IP Address:port
            [certhash=]string
            [appid=]GUID
            [certstorename=]string
            [verifyclientcertrevocation={enable|disable}]
            [verifyrevocationwithcachedclientcertonly={enable|disable}]
            [usagecheck={enable|disable}]
            [revocationfreshnesstime=]u-int
            [urlretrievaltimeout=]u-int
            [sslctlidentifier=]string
            [sslctlstorename=]string
            [dsmapperusage={enable|disable}]
            [clientcertnegotiation={enable|disable}]

 

Parameters

[ipport=]IP Address:port

Specifies the IP address and port for the binding.

[certhash=]string

Specifies the SHA hash of the certificate. This hash is 20 bytes long and specified as a hexadecimal string.

[appid=]GUID

Specifies the GUID to identify the owning application.

[certstorename=]string

Specifies the store name for the certificate. Defaults to MY. The certificate must be stored in the local computer context.

[verifyclientcertrevocation={enable|disable}]

Turns on or turns off verification of revocation of client certificates.

[verifyrevocationwithcachedclientcertonly={enable|disable}]

Turns on or turns off the use of only cached client certificates for revocation checking.

[usagecheck={enable|disable}]

Turns on or turns off usage check. Default is enabled.

[revocationfreshnesstime=]u-int

Specifies the time interval, in seconds, at which to check for an updated certificate revocation list (CRL). If this value is 0, the new CRL is updated only if the previous one expires.

[urlretrievaltimeout=]u-int

Specifies the timeout interval, in milliseconds, on attempts to retrieve the certificate revocation list for the remote URL.

[sslctlidentifier=]string

Lists the certificate issuers that can be trusted. This list can be a subset of the certificate issuers that are trusted by the computer.

[sslctlstorename=]string

Specifies the store name under LOCAL_MACHINE where SslCtlIdentifier is stored.

[dsmapperusage={enable|disable}]

Turns on or turns off DS mappers. Default is disabled.

[clientcertnegotiation={enable|disable}]

Turns on or turns off negotiation of the client certificate. Default is disabled.

Examples

add sslcert ipport=1.1.1.1:443 certhash=0102030405060708090A0B0C0D0E0F1011121314 appid={00112233-4455-6677-8899-AABBCCDDEEFF}
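The following PowerShell script is an added example, not part of the original page: it checks the certhash, appid and certificate store requirements described above before calling add sslcert in the netsh http context, with client certificate revocation checking turned on. The binding address 0.0.0.0:443 is an assumption, the thumbprint and GUID are the placeholder values from the example above, and the script assumes an elevated prompt.

```powershell
param(
    [string]$IpPort     = '0.0.0.0:443',                                # assumed binding address
    [string]$Thumbprint = '0102030405060708090A0B0C0D0E0F1011121314',   # placeholder from the page's example
    [string]$AppId      = '{00112233-4455-6677-8899-AABBCCDDEEFF}',     # placeholder from the page's example
    [string]$StoreName  = 'MY'                                          # default store per the parameter list
)

# Thumbprints copied from the certificate dialog often carry spaces or an
# invisible left-to-right mark; keep hex digits only, then require 20 bytes.
$hash = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($hash.Length -ne 40) {
    throw "certhash must be 20 bytes (40 hex characters); got $($hash.Length)."
}

# appid must be a GUID; format it with braces as in the page's example.
$guid = [guid]::Empty
if (-not [guid]::TryParse($AppId, [ref]$guid)) {
    throw "appid is not a GUID: $AppId"
}
$appIdArg = $guid.ToString('B')

# The certificate must be in the local computer context, in the named store.
$cert = Get-Item -Path "Cert:\LocalMachine\$StoreName\$hash" -ErrorAction Stop
if (-not $cert.HasPrivateKey) {
    throw "Certificate $hash has no private key in LocalMachine\$StoreName."
}
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate $hash is outside its validity period."
}

# Pass each name=value pair as one quoted string so PowerShell does not
# parse the braces in appid as a script block.
$netshArgs = @(
    'http', 'add', 'sslcert',
    "ipport=$IpPort",
    "certhash=$hash",
    "appid=$appIdArg",
    "certstorename=$StoreName",
    'verifyclientcertrevocation=enable',
    'usagecheck=enable'
)
& netsh.exe @netshArgs
if ($LASTEXITCODE -ne 0) {
    throw "netsh exited with code $LASTEXITCODE."
}
```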

 

 
