Updating Snow Inventory SSL Certificates

Discussion created by ken.staude Advocate on Jul 19, 2019
Latest reply on Dec 4, 2019 by ken.staude

Hi everyone -


I had an installation of Snow Inventory Server 6 which we had performed the installation with a SSL Certificate on HTTPS which had recently expired. Once expired we saw that all Windows clients were no longer able to communicate with the SI Master Server. With the certificate expired, we needed to find a process for updating the certificate to a new one with an extended expiration date.


While I wasn't able to find my exact issue/process in the community specifically, I did find some hints within the SI User Guide which was helpful in combination with some other general searching. Here is the process which I followed that appears to have resolved the issue:


  1. From a Command Prompt/PowerShell (elevated)
  2. Run the command "netsh http show sslcert" to display the current SSL Cert settings and copy these details out to a text file for your reference:
  3. To remove the old certificate binding, run the command "netsh http delete sslcert"
  4. Add/Import the new certificate into the Certificate Store
  5. On the Certificate, Details, document the "Thumbprint" value (no spaces, also make sure there are no hidden characters/symbols)
  6. In order to bind the new certificate, run the following command
    • netsh http add sslcert certhash=<Insert Thumbprint value> appid={Insert Application ID} clientcertnegotiation=enable
      • NOTE: In my situation when I did a "show", "Negotiate Client Certificate" showed enabled so I wanted this SSL Cert to be the same but may not be required in your situation. 
      • Adjust your IP/Port accordingly
      • For certhash, remove any spaces
      • For Application ID, use the same value from the "show" command which should correlate to the Snow Inventory Server application.
      • For Application ID, include the brackets { }
  7. The certificate should now be bound to the application, recommend restarting the Snow Inventory service