The QUBEdocs Agent runs off a Windows service through port number 8081. In this guide we will show you how to get this service to use SSL.
Add the Certificate Snap-In to MMC
Before you can add certificates to the Windows Certificate Store, you must add the Certificate snap-in to the Microsoft Management Console (MMC).
Open MMC by hitting the Windows key + R and typing mmc. To add the snap-in go to File Add/Remove Snap-in.
Add the Certificates - Current User and Certificates (Local Computer) snap ins and click OK.
Certificate
First you will need to create a certificate. If your organization has a way to do this, you can skip this step. Otherwise we will show you how to create a self-signed certificate.
Open PowerShell in Administrator mode and run the following command (replace parameter values as wanted/necessary):
New-SelfSignedCertificate -DnsName localhost -FriendlyName friendlyCertName -CertStoreLocation cert:\LocalMachine\My
Next open the certificate manager by hitting the Windows key + R and typing certlm.msc
You will export the certificate from the personal key store and import it into the trusted root certificate store.
Make sure you export the private key with the certificate.
The default settings below are fine. Do not delete the private key if export is successful
Protect the private key with a password and change the encryption from SHA1.
Name your certificate and save it.
Note where your file has been saved.
Now import your certificate and key into the Trusted Root Certification Authority store.
You want to import your certificate into the Trusted Root Certification Authorities store.
Complete the wizard. If you do not have the thumbprint for your certificate, double click on the certificate in certlm and go to the details. Scroll down until you find thumbprint.
Binding a certificate to a port
To bind the certificate to the port, open powershell in administrator mode and run the following command:
netsh http add sslcert ipport=0.0.0.0:8081 appid=’{214124cd-d05b-4309-9af9-9caa44b2b74a}’ certhash=
Note: your certificate’s thumbprint should have no spaces within it, the 0.0.0.0:8081 parameter for ipport means any ip on the 8081 port.
You can remove the binding by running the following
netsh http delete sslcert ipport=0.0.0.0:8081
To check the binding info run
netsh http show sslcert ipport=0.0.0.0:8081
Comments
0 comments
Please sign in to leave a comment.