The certificate, including the private key, as described above in the previous section should be imported to computer computer’s certificates store on in a Windows host, where Message Broker is installed. The certificate should be imported to Personal/Certificates folder in the Certificate Store:

Reserve HTTPS URL space, assign certificate to the reserved port

Like in case of a pure-HTTP service, a URL namespace needs to be reserved on Windows system. This is done with netsh command. Example of the command that reserves HTTPS port 9697 for the service:

netsh http add urlacl url=https://+:9697/proaxia.e4c.mbroker.Outbound.WebService/SendOutboundMessageService/ user=LocalService 

Afterwards, the certificate imported in the previous step needs to be assigned to the HTTPS port reserved in the previous step. Assuming, the HTTPS port is 9697, as in the example above, the command should look like:

netsh http add sslcert ipport=0.0.0.0:9697 certhash=6f799ad274bf98ce2b9a05635cd96d3d7890e2aa appid={9ac5f151-210e-460c-92cd-c0bea90ee8be} 

...

1. Double-click the certificate file in Windows Explorer. That should open a certificate import wizard.

...

2. In the wizard, select Local Machine as Store Location.

...

3. Confirm file path to be imported.

...

 4. Enter password for the private key embedded in the pfx file.

...

5. Select Personal as a Certificate store.

...

6. The certificate should be added to the list of certificates on the server.

...

7. Afterwards, the certificate should be referred to as follows in the yaml configuration file:

  Https:
    Enabled: true
    CertificateStore:
      StoreName: My
      Location: LocalMachine
      CertificateSubject: "*.proaxia-consulting.com"