97

The netsh command wants an appid (see here):

netsh http add sslcert ipport=0.0.0.0:8000 certhash=0000000000003ed9cd0c315bbb6dc1c08da5e6 appid={00112233-4455-6677-8899-AABBCCDDEEFF}

How am I supposed to know the GUID netsh wants me to provide?

Improve this question

4 Answers 4

Reset to default
100

You can use any valid GUID. It is only used to allow you to identify the binding later.

Improve this answer
5
  • 12
    Later? When is later, like what would you be potentially doing?
    – Tim Lovell-Smith
    Commented May 29, 2012 at 7:10
  • 7
    @Tim: You can run "netsh http show sslcert" later and might want to identify which application added what bindings. I don't see much value in the feature, however.
    – Rasmus Faber
    Commented May 29, 2012 at 7:42
  • 5
    To create a valid GUID you could use your Visual Studio (Tools -> Create GUID -> Choose "4. Registry Format").
    – fuma
    Commented Mar 15, 2017 at 9:50
  • If you have more applications In one server and each of them add more than one binding. And one day you can migrate one to another server? By GUID you find all bindings assigned to your application. GUID must be for one application the same of course - when you create bindings... :-).
    – exo
    Commented Apr 20, 2017 at 8:38
  • this does not work for me. I get the error: SSL Certificate add failed, Error: 1312 A specified logon session does not exist. It may already have been terminated.
    – tatmanblue
    Commented Jan 25, 2018 at 20:30
33

I used the Application GUID for my WCF service that is located within the AsseblyInfo.vb (VB.NET) or AssemblyInfo.cs (C#) file of my hosting application (Windows Service) as shown below:

<Assembly: Guid("8fbacae2-bd4e-8ef5-b202-1561845dd04f")>

I used this as the appid parameter for the netsh.exe tool like so:

appid={8fbacae2-bd4e-8ef5-b202-1561845dd04f}

It worked perfectly and my WCF service uses HTTPS via that SSL certificate.

Improve this answer
1
  • Can you help me setting up HTTPS on WCF? I have a server and a client and i can't for the life of me get it to work ! :(
    – jordan
    Commented Nov 14, 2012 at 18:44
9

If you bind a certificate using the IIS GUI (inetmgr.exe), then perform 'netsh http show sslcert'. You'll see the AppID of {4dc3e181-e14b-4a21-b022-59fc669b0914}, which is the AppID IIS uses, so it's the appid I use, too.

Improve this answer
1
  • 8
    Which is probably not a terribly good idea, since the point of the appid is to differentiate between certificates added by different applications.
    – Oskar Berggren
    Commented Nov 30, 2015 at 8:57
5

"It always says Invalid Argument …"

Try appid="{7E46BD40-39C6-4813-B414-019AD1122333}"

with quotes.

See also "The parameter is incorrect" error using "netsh http add sslcert".

Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.