Httpcfg Syntax

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Httpcfg helps you manage the HTTP API.

Httpcfg Syntax

Httpcfg uses the following syntax:

Art Imagehttpcfg {set | query | delete} {ssl | query | iplisten} [/i Ip:Port] [/h SSL Hash] [/g"{GUID}"] [/c StoreName] [/m CheckMode] [/r RevocationFreshness] [/x UrlRetrievalTimeout] [/t SslCtlIdentifier] [/n SslCtlStoreName] [/f Flags] [/u {https://URL:Port/ | https://URL:Port/}] [/a ACL]

Parameters

"Action" commands are: set, query and delete. They are followed by a set of arguments, ssl, urlacl, and iplisten, which are known as "store" arguments. Depending on the value of action and store, different parameters are then available. For example, the set ssl command may take a different set of parameters than the query ssl command.

  • Art Imagehttpcfg {action} {store} [parameter]

Action commands

  • set
    Creates a configuration record containing the values specified by the ssl, urlacl, or iplisten argument. This record is then added to the HTTP API configuration store. The call fails if a record with the specified values already exists. To change a given configuration record, you must first delete it, and then recreate it by using set with the updated value(s).
  • query
    Retrieves one or more HTTP API configuration records.
  • delete
    Deletes the specified information, such as IP addresses or SSL certificates, from the HTTP API configuration store, one record at a time.

Store arguments

  • ssl
    Depending on the Action command used, adds (set), queries or deletes SSL certificate meta-information. Such meta-information is maintained by the HTTP API in a metastore, and is used to locate certificates for certificate exchange during HTTPS sessions.
  • urlacl
    Depending on the Action command used, adds (set), queries, or deletes namespace reservations. The HTTP API allows administrators to reserve URI namespaces and protect them with Access Control Lists (ACLs), so that only specified HTTP API clients can use them.
  • iplisten
    Depending on the Action command used, adds (set), queries, or deletes Internet Protocol (IP) addresses in the IP Listen List. If this list is present, the HTTP API listens only to addresses on the list.

httpcfg set ssl

  • /iIp:Port**
    The /i parameter takes a string that specifies the IP-Address:port combination. This serves as the record key identifying the SSL certificate being added. When using set ssl, the /i parameter is required.
  • /hSSL Hash**
    The /h parameter takes a string of hexadecimal digits specifying the Thumbprint hash of the certificate being added. This is not a required parameter, however the SSL connection will fail if the hash is invalid.
  • /g"{GUID}"
    The /g parameter takes a string representing a Globally Unique Identifier (GUID) that identifies the application that added the certificate. In the case of Httpcfg, the GUID must be generated by the user. The enclosing quotation marks and curly braces are required; the /g parameter will not work without them. For more information on generating GUIDs, see Generating Interface UUIDs on the Microsoft Developer Network (MSDN).
  • /cStoreName**
    The /c parameter takes a string that specifies the name of the store where the certificate being added resides. If no string is specified, the name "MY" is used by default.
  • /mCheckMode**
    The /m parameter takes a string containing one or more numbers representing flags that determine the default mode for checking the certificate. The numbers may consist of one or more of the following flag values:
    • 1 - Client certificate will not be verified for revocation.

    • 2 - Use cached client certificate revocation.

    • 4 - Enable revocation freshness time.

    • 65536 - No usage check.

  • /rRevocationFreshness**
    The /r parameter takes a string of numbers that specify the revocation freshness time for the certificate. Revocation freshness represents the number of seconds after which to check for an updated certificate revocation list (CRL). If this value is absent or zero, the new CRL is updated only when the previous one expires.
  • /xUrlRetrievalTimeout**
    The /x parameter takes a string of numbers representing the timeout interval, in milliseconds, for retrieving a certificate revocation list from the remote URL.
  • /tSslCtlIdentifier**
    The /t parameter takes a string that specifies an SSL control identifier, which restricts the group of certificate issuers to be trusted. This group must be a subset of the certificate issuers trusted by the machine being administered.
  • /nSslCtlStoreName**
    The /n parameter takes a string containing the name of the store in which to look up the control identifier specified by the /t parameter.
  • /fFlags**
    The /f parameter takes a string containing a number that controls how client certificates are handled. This number may consist of one or more of the following values:
    • 1 - Use DS Mapper.

    • 2 - Negotiate client certificate.

    • 4 - Do not route to raw ISAPI filters.

httpcfg query ssl

  • /iIp:Port**
    The /i parameter takes a string that specifies the IP-Address:port combination. This serves as the record key identifying the SSL certificate being queried. If this parameter is omitted, then the query returns all records in the SSL store.

httpcfg delete ssl

  • /iIp:Port**
    The /i parameter takes a string specifying the IP-Address:port combination. This serves as the record key identifying the SSL certificate to be deleted. When using delete ssl, the /i parameter is required.

httpcfg set urlacl

  • /u {https://URL:Port/ | https://URL:Port/}
    The /u parameter takes a string containing a fully qualified URL that will serve as the record key for the reservation being made. When using set urlacl, the /u parameter is required.
  • /aACL**
    The /a parameter takes a string containing an Access Control List in the form of a Security Descriptor Definition Language (SDDL) string. For more information see Httpcfg Remarks. When using set urlacl, the /a parameter is required.

httpcfg query urlacl

  • /uURL**
    The /u parameter takes a string containing a fully qualified URL that identifies the reservation being queried. If no string is specified, the query returns all reservations in the store.

httpcfg delete urlacl

  • /uURL**
    The /u parameter takes a string containing a fully qualified URL that identifies the reservation to be deleted. When using delete urlacl, the /u parameter is required.

httpcfg set iplisten

  • /iIp:Port**
    The /i parameter takes a string specifying the IP address to be added to the IP-Listen List. This can be either an IPv4 or IPv6 address. When using set iplisten, the /i parameter is required.

httpcfg query iplisten

  • /iIp:Port**
    The /i parameter takes a string specifying the exact IP address to be queried. If absent, the query returns all addresses in the store.

httpcfg delete iplisten

  • /iIp:Port**
    The /i parameter takes a string specifying the IP address to be deleted from the IP-Listen List. This can be either an IPv4 or IPv6 address. When using delete iplisten, the /i parameter is required.

See Also

Concepts

Httpcfg Overview
Httpcfg Remarks
Httpcfg Examples
Alphabetical List of Tools
Spcheck Overview
Nltest Overview
Netdom Overview
Netdiag Overview
Netcap Overview
Dnslint Overview
Dnscmd Overview
Dhcploc Overview
Dcdiag Overview
Browstat Overview