So I'm trying to add my SSL certificate via netsh with legacy TLS versions disabled, but it's always complaining "The syntax supplied for this command is not valid. Check help for the correct syntax." although it is definitely written correctly. As soon as I remove the parameter disablelegacytls=enable, the command succeeds. Has anyone ever gotten this to work?
PS C:\Users> netsh http add sslcert ipport=0.0.0.0:60066 certhash=$thumbPrint appid=$appId disablelegacytls=enable
The syntax supplied for this command is not valid. Check help for the correct syntax.
Usage: add sslcert hostnameport=<name:port> | ipport=<ipaddr:port> | ccs=<port>
appid=<GUID>
[certhash=<string>]
[certstorename=<string>]
[verifyclientcertrevocation=enable|disable]
[verifyrevocationwithcachedclientcertonly=enable|disable]
[usagecheck=enable|disable]
[revocationfreshnesstime=<u-int>]
[urlretrievaltimeout=<u-int>]
[sslctlidentifier=<string>]
[sslctlstorename=<string>]
[dsmapperusage=enable|disable]
[clientcertnegotiation=enable|disable]
[reject=enable|disable]
[disablehttp2=enable|disable]
[disablequic=enable|disable]
[disablelegacytls=enable|disable]
[disabletls12=enable|disable]
[disabletls13=enable|disable]
[disableocspstapling=enable|disable]
According to the official docs, this is how it should work: https://learn.microsoft.com/en-us/security/engineering/disable-legacy-tls#option-2-powershell-available-in-windows-10-version-2004-and-windows-server-version-2004-and-newer
PS C:\Users> (Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion") | select ProductName, ReleaseId, CurrentMajorVersionNumber, CurrentMinorVersionNumber, CurrentBuildNumber, UBR
ProductName : Windows Server 2019 Standard
ReleaseId : 1809
CurrentMajorVersionNumber : 10
CurrentMinorVersionNumber : 0
CurrentBuildNumber : 17763
UBR : 5458