--confighttp - kenaro.docu

Syntax

kenaflow.exe --confighttp --thumbprint <thumbprint-as-hex-string> -ipport <ip-address:port-as-int> [--hostnameport <host-name:port-as-int>] [--certstore <cert-store>]

Old command line parameter (<= kenaflow 3.0.14):

kenaflow.exe --registersslcertforrer --thumbprint <thumbprint-as-hex-string> -ipport <ip-address AND port-as-int>

Description

This command line switch is used to register an SSL certificate for the "Remote Event Receiver" TCP HTTP endpoint.

The certificate is specified using its thumbprint.

If you copy the thumbprint out of the certificate property window please make sure that no hidden characters are copied! This is a known problem! First copy the thumbprint to notepad.exe and select all characters from the first HEX digit to the last.

Update to the last note: We have implemented a workaround: all characters other than 0..9 and a..f and A..F are removed from the thumbprint. Now it should work!

If --certstore <cert-store> is not specified the SSL certificate is taken from the "My" ("Personal") store of the local machine. WebHosting is also a common certificate store for SSL certificates.

You need to enable the kenaflow execution account to access the private key. Please use command line switch --securing to grant access for users to the certificate private keys.

When changing the Remote Event handler settings in the global config you maybe need to run kenaflow.exe --updatenetsecurity to grant access to the new URL. Execute it for the kenaflow service account to make sure that the account has at least read permissions on the private key of the certificate! This is a known problem!

With --ipport <ip-address:port-as-int> you can bind the SSL certificate to an IP/port endpoint.

With --hostnameport <hostname:port-as-int> you can bind the SSL certificate to an host name/port endpoint.

You cannot use --ipport and --hostnameport together. But you use them separately to bind the certificate to multiple endpoints.

Example

The following example shows how to bind the certificate to port 443 of IP address 172.16.1.1. No host name is specified.

kenaflow.exe --confighttp --thumbprint "AA-BB-CC-DD-EE-FF-00-11-22-33-44-55-66" --ipport "172.16.1.1:443"

The following example shows how to bind the certificate to port 443 of all IP addresses (0.0.0.0) with host name "server.kenaflow.com"

kenaflow.exe --confighttp --thumbprint "AABBCCDDEEFF00112233445566" --hostnameport "server.kenaflow.com:443" --certstore "WebHosting"