Appendix B:Finding the CertHash

To find the certhash, you need to find the certificate's ThumbPrint which can be found in a couple of ways using either of the following:

• The IIS Certificate Manager OR

• The Windows Certificate Storage Manager

Using IIS to get the Certificate Info

If IIS is installed, then this is the easier option. From here you can easily see all installed certificates. The UI is also the easiest way to create local self-signed certificates.

To look up an existing certificate, simply bring up the IIS Management Console, go to the Machine node, then Server Certificates:

You can see the certificate hash in the rightmost column. You can also double click and open the certificate and go in the Details of the certificate. Look for the thumbprint which contains the hash.

Unfortunately, it is difficult to copy the hash from either of these interfaces, so you either have to copy it manually or remove the spaces from the thumbprint data in the dialog after copying it.

Note: When copying the thumbprint from Certificate Manager in the details window, a hidden character may get copied at the start. You can check this by using the cursor to move through it - delete it if it's there! Leaving it in can cause the "The Parameter is Incorrect" message despite everything looking fine at the command prompt. This was noted in testing on Windows 8 and Server 2012.