How to bind an SSL certificate to the HTTP API

Simple DNS Plus v. 7.0 and later support using SSL with the HTTP API.

The HTTP API uses the Windows HTTP Server API, allowing it to share IP / port / host name with IIS web-sites and other programs on the same computer. This also means that SSL must be set up at the system level rather than in Simple DNS Plus itself.

The easiest way to set up SSL for the Simple DNS Plus HTTP API is if you are also running your SSL based web-site on IIS on the same computer.

In this scenario you set up the web-site for SSL in IIS as normal:

And then simply configure the Simple DNS Plus HTTP API to use a sub-path of the same site:

This way you don't need to do anything else to enable SSL.


If the above does not match your setup, you will need to bind an SSL certificate to the IP / host name and port number used by the HTTP API using the "netsh" command line utility.

Note that the easiest way to obtain an SSL certificate might still be through IIS (on this or another computer). Once the certificate is obtained, you can export it (including the private key) as a .pfx file, and import it on the computer running Simple DNS Plus (using the Certificates snap-in in MMC - see below).

Once you have the SSL certificate on the computer, you need to find the hash / thumb-print value for the certificate. You do this by locating the certificate in the Certificates snap-in in MMC, and then copying the thumb-print value.

To do that, follow these steps:

  • Open a Command Prompt window as Administrator.
  • Type mmc and press the ENTER key.
  • On the File menu, click Add/Remove Snap In.
  • In the Add or Remove Snap-ins dialog box, select Certificates.
  • Click Add.
  • In the Certificates snap-in dialog box, select Computer account and click Next.
  • In the Select Computer dialog box, click Finish.
  • In the Add or Remove Snap-ins dialog box, click OK.
  • In the Console Root window, click Certificates (Local Computer) to view the certificate stores for the computer.
  • Locate the certificate you need - typically under Personal / Certificates.
  • Double click the certificate to open it.
  • Select the "Details" tab.
  • Scroll down and click the "Thumbprint" field.
  • Select and copy the value.
  • If the value contains spaces, you need to remove these so that you get one continuous string.

Next, open a command prompt as Administrator and type one of the following commands.

If you want to bind the certificate to a hostname / port:

netsh http add sslcert hostnameport=simpledns.com:443 certhash=99111b9ba1d6146e5efc3353c199b72f13171d71 appid={64813f3e-afe6-4426-ba50-1b56091064c6} certstorename=MY

If you want to bind the certificate to an IP address / port:

netsh http add sslcert ipport=127.0.0.1:443 certhash=99111b9ba1d6146e5efc3353c199b72f13171d71 appid={64813f3e-afe6-4426-ba50-1b56091064c6}

The value following certhash= is the thumbprint value you obtained above.

The value following appid= is a random value identifying this binding. We suggest using {64813f3e-afe6-4426-ba50-1b56091064c6} as in the samples above - this way it is easy to spot the Simple DNS Plus HTTP API binding if you return to this documentation later on.
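The thumbprint clean-up and the host name / port binding above can also be done in one pass from PowerShell. This is an added example, not part of the Simple DNS Plus documentation; it assumes an elevated PowerShell session and a certificate in the Local Computer "Personal" store, and the variable names are illustrative.

```powershell
# Added example. Run in an elevated PowerShell session.
# Assumption: the certificate is in the Local Computer "Personal" store (MY).
$pasted   = '99 11 1b 9b a1 d6 14 6e 5e fc 33 53 c1 99 b7 2f 13 17 1d 71'  # sample thumbprint from above, spaces added (constructed)
$hostPort = 'simpledns.com:443'                       # host name / port from the sample above
$appId    = '{64813f3e-afe6-4426-ba50-1b56091064c6}'  # appid suggested above

# Keep hex digits only: drops spaces and any other stray characters from the copy.
$hash = ($pasted -replace '[^0-9A-Fa-f]', '').ToLowerInvariant()
if ($hash.Length -ne 40) {
    throw "Thumbprint must be 40 hex digits after clean-up, got $($hash.Length)."
}

# Confirm the thumbprint really belongs to a certificate in the computer store.
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $hash }
if (-not $cert) { throw "No certificate with thumbprint $hash in LocalMachine\My." }
if (-not $cert.HasPrivateKey) { throw "Certificate was imported without its private key; re-import the .pfx." }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }

# Arguments are passed as quoted strings so PowerShell does not interpret the braces in appid.
netsh http add sslcert "hostnameport=$hostPort" "certhash=$hash" "appid=$appId" "certstorename=MY"
if ($LASTEXITCODE -ne 0) { throw "netsh http add sslcert failed (exit code $LASTEXITCODE)." }

# Show the resulting binding for review.
netsh http show sslcert "hostnameport=$hostPort"
```

For an IP address / port binding, use ipport= in place of hostnameport= and drop certstorename, as in the second sample above.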

For more in-depth information on this, the following articles might be useful:

 Comments
25 Jun 2018 11:47 UTC
Rudy Affandi
Do you have any information on how to use Let's Encrypt SSL on SimpleDNS?

Thx
30 Jun 2018 08:57 UTC
JH Software
Not specifically for Let's Encrypt no.
But there should be plenty of information about that with IIS - which would apply here as well.
3 Jul 2018 15:23 UTC
Rudy Affandi
Thanks. I've finally managed to get my SDNS API to run on Let's Encrypt SSL. The easiest path for me is to use Certify app (https://certifytheweb.com/) and IIS.