Binding SSL certificates to Warewolf Server for HTTPS communication

Warewolf currently supports HTTPS communication via a self-signed certificate that is created when Warewolf is installed. Obviously this is not ideal and hitting a HTTPS Warewolf endpoint, it will have browsers shouting and complaining about the certificate being invalid.

bind ssl certificates

So I decided it was a good idea to put together a quick post on how to unbind the self-signed certificate and bind a valid one if you have so that HTTPS is not considered insecure.

Steps to bind SSL certificates to Warewolf

  1. Open a Windows command prompt as Administrator
  2. Get a list of the current bindings using the following command:
netsh http show sslcert > c:\sslcert.txt

This command will write all the SSL bindings to the file above (sslcert.txt)

  1. Now we get the Warewolf Application ID by looking for the 0.0.0.0:3143 (Warewolf SSL port) binding in the file from above. You should see something like ApplicationID: {12345678-db90-4b66-8b01-88f7af2e36bf}
  2. Next you will need to get the certificate hash for your domain certificate that is bound for IIS. This should be found in the text file from Step 1 and should be attached to a 0.0.0.0:443 binding. The listing should look like:
IP:port         : 0.0.0.0:443
Certificate Hash: 3b42b63b64xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  1. Now we stop the Warewolf Server service. To do this open the services management console by doing the following:
  • Windows Key+R
  • type services.msc into the Open textbox
  • Click OK or hit enter

In the services management window find Warewolf Server Service and stop it.

Https and SSL certificate in Warewolf

  1. Delete the existing Warewolf SSL binding by running the following code:
netsh http delete sslcert 0.0.0.0:3143
  1. The next step is now to bind your valid certificate to Warewolf using the certificate hash and the Warewolf Application ID that was obtained above by using the following command
netsh http add sslcert ipport=0.0.0.0:3143 appid={12345678-db90-4b66-8b01-88f7af2e36bf} certhash=3b42b63b64xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  1. Last step is to simply restart the Warewolf Service by using the services console we opened earlier.

 

Provided your certificate is valid, any web request to a Warewolf endpoint using HTTPS should now be valid and no longer have browsers complaining that it is potentially insecure.

 

Hopefully this removes the mystery from changing the certificate for Warewolf SSL communications and allows you to secure your Warewolf endpoints. If you need more detailed support on the issue, get in touch via the Community Forum, we’re happy to help!

FacebookTwitterLinkedInGoogle+RedditEmail

Leave A Comment?