add sslcert

Adds a new Secure Sockets Layer (SSL) server certificate binding and the corresponding client certificate policies for an IP address and port.

add sslcert [ipport=]IP Address:port
            [certhash=]string
            [appid=]GUID
            [certstorename=]string
            [verifyclientcertrevocation={enable|disable}]
            [verifyrevocationwithcachedclientcertonly={enable|disable}]
            [usagecheck={enable|disable}]
            [revocationfreshnesstime=]u-int
            [urlretrievaltimeout=]u-int
            [sslctlidentifier=]string
            [sslctlstorename=]string
            [dsmapperusage={enable|disable}]
            [clientcertnegotiation={enable|disable}]

 

Parameters

[ipport=IP Address:port]

Specifies the IP address and port for the binding.

[certhash=string]

Specifies the SHA hash of the certificate. This hash is 20 bytes long and specified as a hexadecimal string.

[appid=GUID]

Specifies the GUID to identify the owning application.

[certstorename=string]

Specifies the store name for the certificate. Defaults to MY. The certificate must be stored in the local computer context.

[verifyclientcertrevocation={enable|disable}]

Turns on or turns off verification of revocation of client certificates.

[verifyrevocationwithcachedclientcertonly={enable|disable}]

Turns on or turns off the use of only cached client certificates for revocation checking.

[usagecheck={enable|disable}]

Turns on or turns off usage check. Default is enabled.

[revocationfreshnesstime=u-int]

Specifies the time interval, in seconds, to check for an updated certificate revocation list (CRL). If this value is 0, the new CRL is updated only when the previous one expires.

[urlretrievaltimeout=u-int]

Specifies the timeout interval on attempts to retrieve the certificate revocation list for the remote URL (in milliseconds).

[sslctlidentifier=string]

Lists the certificate issuers that can be trusted. This list can be a subset of the certificate issuers that are trusted by the computer.

[sslctlstorename=string]

Specifies the store name under LOCAL_MACHINE where SslCtlIdentifier is stored.

[dsmapperusage={enable|disable}]

Turns on or turns off DS mappers. Default is disabled.

[clientcertnegotiation={enable|disable}]

Turns on or turns off negotiation of the certificate. Default is disabled.

Examples

add sslcert ipport=1.1.1.1:443 certhash=0102030405060708090A0B0C0D0E0F1011121314 appid={00112233-4455-6677-8899-AABBCCDDEEFF}
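
An added example, not part of the original reference: a PowerShell wrapper that checks the required parameters against the constraints described above (a 20-byte certhash written as 40 hex digits, a GUID appid, a certificate present in the local computer context) before calling netsh. The script parameter names, the -Apply switch and the IPv4-only ipport check are assumptions of this example; the default values are the page's own placeholders.

```powershell
# Added example (not from the original page): validate, then bind.
# Default values are the placeholders used in the page's own example.
param(
    [string]$IpPort    = '1.1.1.1:443',
    [string]$CertHash  = '0102030405060708090A0B0C0D0E0F1011121314',
    [string]$AppId     = '{00112233-4455-6677-8899-AABBCCDDEEFF}',
    [string]$StoreName = 'MY',
    [switch]$Apply     # without -Apply the command is only printed
)

# ipport: IPv4 address and port 1-65535 (IPv6 forms are out of scope here).
$ip = $null
if ($IpPort -notmatch '^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$' -or
    -not [ipaddress]::TryParse($Matches[1], [ref]$ip) -or
    [int]$Matches[2] -lt 1 -or [int]$Matches[2] -gt 65535) {
    throw "ipport must be IPv4:port, got '$IpPort'."
}

# certhash: 40 hex digits; drop whitespace and invisible format characters from pasting.
$hash = ($CertHash -replace '[\s\p{Cf}]', '').ToUpperInvariant()
if ($hash -notmatch '^[0-9A-F]{40}$') { throw 'certhash must be exactly 40 hex digits (20 bytes).' }

# appid: must parse as a GUID; emit it in {braced} form.
$guid = [guid]::Parse($AppId).ToString('B')

if ($Apply) {
    # The certificate must be in the local computer context, in the named store.
    $cert = Get-Item -LiteralPath "Cert:\LocalMachine\$StoreName\$hash" -ErrorAction SilentlyContinue
    if (-not $cert)                    { throw "No certificate $hash in LocalMachine\$StoreName." }
    if (-not $cert.HasPrivateKey)      { throw 'Certificate has no private key.' }
    if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }
}

# Pass arguments as an array so PowerShell does not treat {GUID} as a script block.
$netshArgs = @(
    'http', 'add', 'sslcert',
    "ipport=$IpPort", "certhash=$hash", "appid=$guid",
    "certstorename=$StoreName",
    'verifyclientcertrevocation=enable',   # set explicitly, not left to defaults
    'usagecheck=enable'
)

if ($Apply) {
    & netsh @netshArgs
    if ($LASTEXITCODE -ne 0) { throw "netsh exited with code $LASTEXITCODE." }
    & netsh http show sslcert "ipport=$IpPort"   # read the binding back
} else {
    'netsh ' + ($netshArgs -join ' ')
}
```

Run it without -Apply to review the generated command; -Apply needs an elevated session.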