The netsh command wants an appid (see here) :
netsh http add sslcert ipport=0.0.0.0:8000 certhash=0000000000003ed9cd0c315bbb6dc1c08da5e6 appid={00112233-4455-6677-8899-AABBCCDDEEFF}
I've not been able so far to understand how I'm supposed to know the GUID netsh wants me to provide. Any hints?
You can use any valid GUID. It is only used to allow you to identify the binding later.
I used the Application GUID for my WCF service that is located within the AsseblyInfo.vb (VB.NET) or AssemblyInfo.cs (C#) file of my hosting application (Windows Service) as show below:
<Assembly: Guid("8fbacae2-bd4e-8ef5-b202-1561845dd04f")>
I used this as the appid parameter for the netsh.exe tool like so:
appid={8fbacae2-bd4e-8ef5-b202-1561845dd04f}
It worked perfectly and my WCF service uses Https via that SSL cert.
If you bind a cert using the IIS GUI (inetmgr.exe), then perform 'netsh http show sslcert', you'll see the AppID of {4dc3e181-e14b-4a21-b022-59fc669b0914}, which is the AppID IIS uses, so it's the appid I use, too.
"It always says Invalid Argument …"
try appid="{7E46BD40-39C6-4813-B414-019AD1122333}"
with quotes.
(Sorry, not direct answer to this question, but this is often first google hit, and a lot of people seem to have this problem.
More: "The parameter is incorrect." error using netsh http add sslcert)