Netsh commands

Many times certificate bindings get stuck in IIS or Exchange, when assigned to IIS. The NetSH Commands are very powerful in diagnosing and also fixing the issue.

The following command will display all current bindings for the serer:

netsh http show sslcert

And this is what the output looks like:

Note that the Certificate Hash is the Thumbprint of the certificate itself. If you notice a binding, or IPPort isn't using the certificaet expected, you will wan't to delete it first:

netsh http delete sslcert ipport=10.161.128.9:443

Then you will manually recreate the IPPort using the new cert:

netsh http add sslcert ipport=10.161.128.9:443 certhash=XXXXCertThumpringXXXXX appid={4dc3e181-e14b-4a21-b022-59fc669b0914}

Note:

ipport=internal IP of server (or 0.0.0.0)
certhash= THUMBPRINT of Certificate
appid= The ID of the application (you can view the AppID by the first command given in this document
If the binding already exists, you will get an error "SSL Certificate add failed, Error: 183 Cannot create a file when that file already exists."