Link the certificate to BranchCache

  • Article

Applies To: Windows 7, Windows Server 2008 R2

You can use these procedures to obtain the SHA-1 hash, also called the thumbprint, of the server certificate of a hosted cache server so that you can then link the certificate to BranchCache. These procedures must be performed on a hosted cache server to which a server certificate has already been enrolled.

Membership in Administrators or equivalent is the minimum required to perform this procedure.

To obtain the SHA-1 hash of the hosted cache server certificate

  1. On Hosted-01, click Start, click Run, type mmc, and then press ENTER. The Microsoft Management Console (MMC) opens.

  2. In the MMC, on the File menu, click Add/Remove Snap-in. The Add or Remove Snap-ins dialog box opens.

  3. In Add or Remove Snap-ins, in Available snap-ins, double-click Certificates. The Certificates snap-in dialog box opens. Click Computer account, and then click Next.

  4. In Select Computer, in This snap-in will always manage, ensure that Local computer: (the computer this console is running on) is selected, click Finish, and then click OK.

  5. In the navigation pane, double-click Certificates (Local Computer) and then double-click the Personal certificate store.

  6. The Certificates folder is a subfolder of the Personal certificate store. Click the Certificates folder.

  7. In the details pane, browse to the server certificate that was issued by Hosted-01 and double-click the certificate. The Certificate dialog box opens.

  8. In the Certificate dialog box, click the Details tab. In the list of fields, select Thumbprint.

  9. In the lower pane, the hexadecimal string that is the SHA-1 hash of your certificate is displayed. Select the SHA-1 hash and press the Windows keyboard shortcut for the Copy command (Ctl+C) to copy the hash to the Windows clipboard.

  10. Click Start, click All Programs, click Accessories, and then click Notepad. The Notepad application opens.

  11. In Notepad, press the Windows keyboard shortcut for the Paste command (Ctl+V) to paste the SHA-1 hash into a new text file. Remove all of the spaces between the characters in the SHA-1 hash so that the hash contains no spaces, and then save the text file to hard disk.

Note

In the next procedure where you link the hosted cache server certificate to BranchCache, you will use the SHA-1 hash of the certificate while running a network shell (netsh) command.

  1. On the BranchCache hosted cache server that you want to configure, click Start, click Search programs and files, and then type command. In search results, under Programs, right-click Command Prompt, and then click Run as Administrator. The command prompt opens with the elevated privileges that are required to run netsh commands.

  2. Open the text file that you created using Notepad, and use the SHA-1 hash to create and run the command below.

  3. Run the following command: **netsh http add sslcert ipport=0.0.0.0:443 certhash=**SHA-1_Hash appid={d673f5ee-a714-454d-8de2-492e4c1bd8f8}, where SHA-1_Hash is the SHA-1 hash of the server certificate on the hosted cache server. After you run the command, the message, “SSL Certificate successfully added” is displayed in Command Prompt.

  4. To verify the binding of the certificate, run the following command to display SSL certificate bindings: netsh http show sslcert