Configuring SSL certificates for IIS web server and WCF use with NETSH
Posted: (EET/GMT+2)
When working with applications hosted on IIS (or WCF services), the HTTP.SYS driver in Windows handles the actual SSL bindings for incoming HTTPS traffic. IIS exposes a UI for this, but sometimes it's easier to configure the certificate bindings directly using the netsh command-line utility.
For example, to bind a certificate to port 443 for all IP addresses on the server, run:
netsh http add sslcert ipport=0.0.0.0:443 certhash=<YOUR-CERT-THUMBPRINT> appid={00000000-0000-0000-0000-000000000000}
You can view existing bindings with:
netsh http show sslcert
This is particularly useful when configuring WCF services that use wsHttpBinding or basicHttpsBinding, because WCF requires that the SSL certificate is already associated with the desired port before the service host is started.
If you are deploying to multiple servers, scripting your SSL bindings through netsh makes the process consistent and reproducible. Just be sure to pick the correct certificate thumbprint for each environment.
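One way to script this per server, as an added example that is not part of the original post: it resolves the thumbprint from the local machine store instead of hard-coding it, and only replaces the binding when the bound hash differs. The subject name is hypothetical, the appid is the placeholder GUID used above, and the script assumes an elevated prompt and English netsh output.

```powershell
# Added example: idempotent HTTP.SYS SSL binding for one server.
# $Subject is a hypothetical value; set it (and $AppId) per environment.
param(
    [string]$IpPort  = '0.0.0.0:443',
    [string]$Subject = 'CN=www.example.test',
    [string]$AppId   = '00000000-0000-0000-0000-000000000000'
)
$ErrorActionPreference = 'Stop'

# Resolve the certificate on this machine by exact subject, so a thumbprint
# copied from another environment is never bound by mistake. Require a
# private key and a current validity window; prefer the latest expiry.
$now  = Get-Date
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $Subject -and $_.HasPrivateKey -and
                   $_.NotBefore -le $now -and $_.NotAfter -gt $now } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No valid certificate with a private key for '$Subject'." }

# Read the current binding, if any, and compare hashes before changing anything.
$current = (netsh http show sslcert "ipport=$IpPort") -join "`n"
if ($current -match 'Certificate Hash\s*:\s*([0-9a-fA-F]+)') {
    if ($Matches[1] -eq $cert.Thumbprint) {
        Write-Output "Binding on $IpPort already uses $($cert.Thumbprint)."
        return
    }
    # A different certificate is bound: remove it so the add below succeeds.
    netsh http delete sslcert "ipport=$IpPort" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Could not remove the old binding on $IpPort." }
}

# The appid braces must be quoted in PowerShell, or they parse as a script block.
netsh http add sslcert "ipport=$IpPort" "certhash=$($cert.Thumbprint)" "appid={$AppId}" certstorename=MY
if ($LASTEXITCODE -ne 0) { throw "netsh failed to add the binding on $IpPort." }
Write-Output "Bound $($cert.Thumbprint) (expires $($cert.NotAfter)) to $IpPort."
```

Running netsh http show sslcert afterwards confirms which hash each server ended up with.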