Пока не забыл, т.к. процедура оказалась неочевидной. Речь идет о не о самоподписанном, на который будут ругаться все браузеры, а полученном от официального регистратора.
1. Получить сертификат. Обычно это 2-3 файла: сертификат (.crt)+ключ (.key) + сертификат доверенного центра (.crt)
2. Сертификат центра при необходимости - ставим в реестр
3. Конвертируем сертификат и ключ в pfx формат с помощью openssl. Точную команду можно собрать\нагуглить\ или вспомить какую строку делал я. Что-то типа: openssl pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.crt
4. Устанавливаем IIS
5. Пробуем подключить сертификат к порту. Если удалось, то проверяем: netsh http show sslcert
6. Если не удалось, то ставим оснастку по инструкции с MSDN (в переводе не нуждается):
You must also have access to the Certificates snap-in and have it set to view computer certificates from the local computer (though this can be done remotely).
In order to view the Certificates store on the local computer, perform the following steps:
- Click Start, and then click Run.
- Type "MMC.EXE" (without the quotation marks) and click OK.
- Click Console in the new MMC you created, and then click Add/Remove Snap-in.
- In the new window, click Add.
- Highlight the Certificates snap-in, and then click Add.
- Choose the Computer option and click Next.
- Select Local Computer on the next screen, and then click OK.
- Click Close , and then click OK.
- You have now added the Certificates snap-in, which will allow you to work with any certificates in your computer's certificate store. You may want to save this MMC for later use.
Now that you have access to the Certificates snap-in, you can import the server certificate into you computer's certificate store by following these steps:
- Open the Certificates (Local Computer) snap-in and navigate to Personal, and then Certificates.
Note: Certificates may not be listed. If it is not, that is because there are no certificates installed. - Right-click Certificates (or Personal if that option does not exist.)
- Choose All Tasks, and then click Import.
- When the wizard starts, click Next. Browse to the PFX file you created containing your server certificate and private key. Click Next.
- Enter the password you gave the PFX file when you created it. Be sure the Mark the key as exportable option is selected if you want to be able to export the key pair again from this computer. As an added security measure, you may want to leave this option unchecked to ensure that no one can make a backup of your private key.
- Click Next, and then choose the Certificate Store you want to save the certificate to. You should select Personal because it is a Web server certificate. If you included the certificates in the certification hierarchy, it will also be added to this store.
- Click Next. You should see a summary of screen showing what the wizard is about to do. If this information is correct, click Finish.
- You will now see the server certificate for your Web server in the list of Personal Certificates. It will be denoted by the common name of the server (found in the subject section of the certificate).
7. Ну и теперь привязываем к порту и адресу используемому программой .NET командой:
netsh Http add sslcert ipport=ip.ip.ip.ip:порт certhash=ОТПЕЧАТОКСЕРТИФИКАТА appid={??????}
Если надо то отвязка сертификата:
netsh Http delete sslcert ipport=ip.ip.ip.ip:порт
