Wednesday, June 25, 2008

On using the Httpcfg tool in Windows XP Professional

HTTPCFG.EXE is generally found in these locations on your computer:





The next listing shows the Syntax for running this query

C:\>httpcfg query
ACTION - set query delete
STORENAME - ssl urlacl iplisten
[OPTIONS] - See Below
Options for ssl: -i IP-Address - IP:port for the SSL certificate (record key)
-h SslHash - Hash of the Certificate.
-g GUID - GUID to identify the owning application.
-c CertStoreName - Store name for the certificate. Defaults to "MY". Certificate must be stored in the LOCAL_MACHINE context.
-m CertCheckMode - Bit Flag 0x00000001 - Client certificate will not be
verified for revocation. 0x00000002 - Only cached client certificate revocation will be used. 0x00000004 - Enable use of the Revocation freshness time setting. 0x00010000 - No usage check.
-r RevocationFreshnessTime - How often to check for an updated certificate revocation list (CRL). If this value is 0, then the new CRL is updated only if the previous one expires. Time is specified in seconds.
-x UrlRetrievalTimeout - Timeout on attempt to retrieve certificate revocation list from the remote URL. Timeout is specified in Milliseconds.
-t SslCtlIdentifier - Restrict the certificate issuers that can be trusted. Can be a subset of the certificate issuers that are trusted by the machine.
-n SslCtlStoreName - Store name under LOCAL_MACHINE where SslCtlIdentifier is stored.
-f Flags - Bit Field 0x00000001 - Use DS Mapper. 0x00000002 - Negotiate Client certificate. 0x00000004 - Do not route to Raw ISAPI filters.
Options for urlacl: -u Url - Fully Qualified URL. (record key) -a ACL - ACL specified as a SDDL string.
Options for iplisten: -i IPAddress - IPv4 or IPv6 address. (for set/delete only)

If you want to find the URLs and associated ACLs run this query on your computer.

C:/>httpcfg query urlacl

or with the u flag as in,

C:/>httpcfg query urlacl /u

Both return the same result and there will be no completed final message.

No comments: