Assigning Certificates to applications (without IIS)

Hi,

it is hard work to implement a web page using HttpListener! It is easy to turn the HttpListener to listen to https (by changing the listening prefix) but to get this up and running is still a challenge!

You need to:

• create a temporary CA
  makecert -n "CN=TempCA" -r -sv TempCA.pvk TempCA.cer
  see: https://msdn.microsoft.com/en-us/library/windows/desktop/aa386968(v=vs.85).aspx
  
• import it as CA in the mmc / certificates / trusted root certificate
  see: https://msdn.microsoft.com/en-us/library/e78byta0(v=vs.110).aspx
  
• create your own certificate
  makecert -iv TempCA.pvk -n "CN=App1" -sv App1.pvk -ic TempCA.cer App1.cer -sr LocalMachine -ss My -sky exchange -pe
  
• create pfx file (containing the keys too)
  pvk2pfx -pvk "App1.pvk" -pi PASSWORD -spc "App1.cer" -pfx "App1.pfx"
  see: https://msdn.microsoft.com/en-us/windows/hardware/drivers/devtest/pvk2pfx
  
• assign the certificate to the app:
  netsh http add sslcert ipport=0.0.0.0:443 appid={GUID OF THE APP} certhash=HASH_FOUND_IN_MMC
  see: https://msdn.microsoft.com/en-us/library/windows/desktop/cc307220(v=vs.85).aspx

I followed the instructions of http://sunshaking.blogspot.co.at/2012/11/https-communication-httplistener-based.html , but still needed more than 4 hours to get it up and running. Important is to work with the generated pfx file! It is clear but it is not mentioned explicitly in the article... also keep an eye on the icons. if you have the pfx file, you need to see a lock symbol in the mmc.

kr,

Daniel