Windows server and netsh

Hi,
I have a Windows Server 2022 (hosted in Azure) that runs a bespoke web service (provided as a self-contained windows service). The 3rd party app provides this documentation - (https://smartfreight.atlassian.net/wiki/spaces/SMAR/pages/375291905/SSL+Certificate) - which seeks to have the SSL cert bound using the netsh cmd. Can certbot handle this or what do I need to do to automate it?

Thanks in advance.

Barry

1 Like

Certbot has a --deploy-hook option which allows you to run scripts whenever a cert is created. You could add the needed commands there. Perhaps the vendor could provide a powershell script to extract the thumbprint from the cert to do the netsh command.

You might also want to look at other ACME clients designed for windows. Perhaps they offer better integration for this. Perhaps Certify The Web?

4 Likes

Yep your cert needs to be stored in the Windows local machine certificate store first, and you need to know the cert hash/thumbprint. Based on the smartfreight example, I think a powershell script for Certify The Web (see the Tasks tab) would be:

param($result)

netsh http delete sslcert hostnameport=yourapp.domain.com:443
netsh http add sslcert hostnameport=yourapp.domain.com:443 certhash=$result.ManagedItem.CertificateThumbprintHash  appid='{a4dc7c73-85a3-45e0-872f-0ad6937bd44f}'

You may be able to use a similar script with other acme tools, but your app requires a PFX in the Windows certificate store (I'm presuming the My store), for certbot you need to convert to PFX and store it, then get the thumbprint and apply that in your script.

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.