![\"Adding](\"https:\/\/overlaps.co.uk\/docs\/wp-content\/uploads\/2026\/03\/configuration_utility_users_and_groups.png\")
To add an Administrator from the Configuration Utility, navigate to the Users and Groups tab, then:<\/p>\n\n\n\n
- \n
- Click New<\/strong><\/li>\n\n\n\n
- Enter the domain and username<\/strong> of the user<\/li>\n\n\n\n
- Check the Administrator<\/strong> box<\/li>\n\n\n\n
- Click Save Changes<\/strong><\/li>\n<\/ol>\n\n\n\n
The user should now appear in the list on the left of the window with a check under the “Admin” column.<\/p>\n\n\n\n
Adding an Administrator from OLconfig.exe<\/h3>\n\n\n\n
![\"olconfig.exe](\"https:\/\/overlaps.co.uk\/docs\/wp-content\/uploads\/2026\/03\/config_cli_users_add.png\")
olconfig.exe user \/help<\/figcaption><\/figure>\n\n\n\n To add an administrator from the command line you can use the olconfig.exe tool as shown below. (substituting \u201c<myusername>\u201d for the user’s Active Directory login name).<\/p>\n\n\n\n
olconfig.exe user <myusername> \/add \/admin\n<\/pre>\n\n\n\n
![\"User](\"https:\/\/overlaps.co.uk\/docs\/wp-content\/uploads\/2026\/03\/config_cli_users_add_success.png\")
User added from olconfig.exe<\/figcaption><\/figure>\n\n\n\n Configuring HTTPS Connection Encryption<\/h2>\n\n\n\n
To further increase security to OVERLAPS, it is recommended that you install an SSL\/TLS certificate so that traffic between the server and a client is encrypted.<\/p>\n\n\n\n
This is particularly critical if you are intending to use the Login Form<\/strong> (as opposed to Windows Integrated Authentication), because anything entered in the form (username and password) is sent unencrypted to the server without an SSL\/TLS certificate, making it vulnerable to network sniffing attacks.<\/p>\n\n\n\n
Certificates can be obtained from third-party Trusted Authorities (such as Thawte, Comodo SSL, or Let\u2019s Encrypt). They can also be created from your own root certificate or created as standalone self-signed certificates (see Self-Signed Certificate Generator<\/a>).<\/p>\n\n\n\n
Throughout this documentation we will refer to Certificate Binding<\/strong>. This is the process and status of having an SSL\/TLS certificate mapped to a particular address on the server, for example its IP address, or a DNS identity such as “overlaps.contoso.com<\/em>“.<\/p>\n\n\n\n
For information on how to create a properly-formed self-signed certificate, see our guide here<\/a>, or use the included Self-Signed Certificate Generator<\/a>.<\/p>\n\n\n\n
Once you have your certificate files (a private key for the server (.pfx or .p12), and a public key for distribution to client devices), you can install and configure encryption using either of the configuration tools, or manually using the Windows \u201cnetsh\u201d command. Each of these approaches are detailed below, but we recommend using the Configuration Utility.<\/p>\n\n\n\n
Configuring HTTPS using the Configuration Utility<\/h3>\n\n\n\n
![\"Configuring](\"https:\/\/overlaps.co.uk\/docs\/wp-content\/uploads\/2026\/03\/configuration_utility_https.png\")
Configuring HTTPS using the Configuration Utility<\/figcaption><\/figure>\n\n\n\n The list of HTTPS Certificate Bindings will be automatically populated with any discovered on the server (only those related to OVERLAPS will be shown).<\/p>\n\n\n\n
Some older versions of OVERLAPS used an alternative GUID to label their certificate bindings. If you cannot see your bindings in this list, try checking the \u201cShow Legacy Bindings\u201d option.<\/p>\n\n\n\n
Adding a New Binding<\/h4>\n\n\n\n
To start adding a new binding, click the \u201cAdd a New Binding<\/strong>\u201d button.<\/p>\n\n\n\n
![\"Adding](\"https:\/\/overlaps.co.uk\/docs\/wp-content\/uploads\/2026\/03\/configuration_utility_https_add_binding.png\")
Adding a New Certificate Binding<\/figcaption><\/figure>\n\n\n\n If you have already loaded a certificate this session, it is cached and will appear in the dropdown list so that you don\u2019t have to load it again for each binding. Otherwise, click the \u201cBrowse<\/strong>\u201d button to locate and load your private key file (*.pfx).<\/p>\n\n\n\n
If the certificate is secured with a password (which private keys normally are), you will be asked to enter it. Then you will be asked to identify the type of certificate.<\/p>\n\n\n\n
![\"Identifying](\"https:\/\/overlaps.co.uk\/docs\/wp-content\/uploads\/2026\/03\/configuration_utility_https_certificate_type.png\")
Identifying the Certificate Type<\/figcaption><\/figure>\n\n\n\n The Configuration Utility will attempt to automatically determine this, but please check that the selected value is correct.<\/p>\n\n\n\n
Full Chain Certificate<\/strong><\/p>\n\n\n\n
Select this option if the certificate was generated by a Trusted Root Authority. This can be a third-party authority (e.g. Thawte, Comodo SSL, or Lets Encrypt), or your own company root certificate.<\/p>\n\n\n\n
Self-Signed Certificate<\/strong><\/p>\n\n\n\n
Choose this option if the certificate was generated without the involvement of a trusted root authority, such as if it was generated in IIS, OpenSSL, or our own Self-Signed Certificate Generator.<\/p>\n\n\n\n
![\"Certificate](\"https:\/\/overlaps.co.uk\/docs\/wp-content\/uploads\/2026\/03\/configuration_utility_https_select_binding.png\")
Certificate Loaded, Configure the Binding<\/figcaption><\/figure>\n\n\n\n Once the certificate has been loaded or selected, select the target to bind it to (IP Address or DNS Hostname\/alias) and either select the desired value from the dropdown list or enter your own.<\/p>\n\n\n\n
The port will be automatically set to the HTTPS port configured in OVERLAPS and should not be changed here. If you need to use a different port, consider configuring that in the Host tab first.<\/p>\n\n\n\n
Once done, click \u201cCreate Binding<\/strong>\u201d to finish the process. If everything is correct, the binding will now appear in the bindings list.<\/p>\n\n\n\n
![\"Certificate](\"https:\/\/overlaps.co.uk\/docs\/wp-content\/uploads\/2026\/03\/configuration_utility_https_bindings.png\")
Certificate Binding List<\/figcaption><\/figure>\n\n\n\n If your certificate is self-signed you will need to distribute the public key part (typically a .cer or .der file) to the Trusted Root Certification Authorities store on any client computer which will be logging into OVERLAPS. This can be done using Group Policy.<\/p>\n\n\n\n
Never distribute your private key (.pfx or .p12 file).<\/strong><\/p>\n\n\n\n
Deleting an Existing Binding<\/h4>\n\n\n\n
To delete an existing binding, select it in the list and click the \u201cDelete Selected Binding<\/strong>\u201d button.<\/p>\n\n\n\n
Enabling or Disabling HTTPS in OVERLAPS<\/h4>\n\n\n\n
Once a certificate binding has been setup you can tell OVERLAPS to start processing secure requests by clicking the \u201cEnable OVERLAPS HTTPS<\/strong>\u201d button. If this reads \u201cDisable OVERLAPS HTTPS<\/strong>\u201d instead, then OVERLAPS is already configured to listen for HTTPS requests.<\/p>\n\n\n\n
Configuring HTTPS using the Configuration Utility Legacy HTTPS Mode<\/h3>\n\n\n\n
The OVERLAPS HTTPS configuration section was overhauled to provide greater control and clarity when setting it up. However, if you would prefer to go back to the legacy certificate binding tab, click the \u201cShow Legacy HTTPS Configuration Tab<\/strong>\u201d button on the Introduction tab.<\/p>\n\n\n\n
![\"Configuring](\"https:\/\/overlaps.co.uk\/docs\/wp-content\/uploads\/2026\/03\/configuration_utility_https_legacy.png\")
Configuring HTTPS using the Configuration Utility Legacy tab<\/figcaption><\/figure>\n\n\n\n To install the certificate, click browse and locate the .pfx or .p12 certificate file (your private key), and enter the password if required. Then select the correct Certificate Type for the certificate file.<\/p>\n\n\n\n
Certificate Type<\/strong><\/p>\n\n\n\n
Depending on the type of certificate (third-party or self-signed), select the Certificate Type from the dropdown. This will effect which Certificate Store it is saved into.<\/p>\n\n\n\n
If you find that the process succeeded, but your HTTPS connection keeps failing after hours or days, try unbinding it, changing this value and then re-binding it.<\/p>\n\n\n\n
If you have a certificate created from your own internal root certificate then select the option appropriate to that root certificate instead.<\/p>\n\n\n\n
Click Load Certificate<\/strong>. The Configuration Utility will attempt to load the certificate file and display its information for you to confirm.<\/p>\n\n\n\n
Once loaded, you can then specify the hostname(s), IP address and HTTPS port of your server that you want to bind the certificate to, then click Bind Certificate to OVERLAPS<\/strong> to import and bind the certificate.<\/p>\n\n\n\n
If everything works as expected, you can then click the Enable OVERLAPS HTTPS<\/strong> button to set OVERLAPS to host encrypted content.<\/p>\n\n\n\n
Wildcard Certificates (e.g. *.contoso.com)<\/h4>\n\n\n\n
Wildcard certificates are supported by OVERLAPS, but when specifying the hostname to bind, enter the actual URL of overlaps (e.g. overlaps.contoso.com) and the wildcard, separating the two with a semicolon. For example:<\/p>\n\n\n\n
![\"Binding](\"https:\/\/overlaps.co.uk\/docs\/wp-content\/uploads\/2026\/03\/configuration_utility_https_bind_to_hostname.png\")
Binding a wildcard certificate<\/figcaption><\/figure>\n\n\n\n Configuring HTTPS using olconfig.exe<\/h3>\n\n\n\n
You can install and configure HTTPS encryption using the olconfig.exe tool in one of two ways:<\/p>\n\n\n\n
Installing from the certificate file<\/h4>\n\n\n\n
If you have the certificate file available, you would use the \u201chttps \/certfile\u201d command, specifying the certificate filename and password (if needed):<\/p>\n\n\n\n
olconfig.exe https \/certfile <filename.pfx> [\/password <password>] \/ipaddress <ip address> \/port 443\nor\nolconfig.exe https \/certfile <filename.pfx> [\/password <password>] \/hostname <address> \/port 443\n<\/pre>\n\n\n\n
For example:<\/p>\n\n\n\n
olconfig.exe https \/certfile mycertificate.pfx \/password SuperSecurePass1 \/ipaddress 0.0.0.0 \/port 443\nolconfig.exe https \/certfile mycertificate.pfx \/password SuperSecurePass1 \/hostname overlaps.contoso.com \/port 443\n<\/pre>\n\n\n\n
Installing from a certificate already in your server\u2019s Certificate Store<\/h4>\n\n\n\n
If you have already installed the certificate into your server\u2019s certificate store, you can instead use olconfig.exe using the certificate\u2019s thumbprint to identify it:<\/p>\n\n\n\n
olconfig.exe https \/thumbprint <certificate thumbprint> \/hostname <address> \/port 443\n<\/pre>\n\n\n\n
For example:<\/p>\n\n\n\n
olconfig.exe https \/thumbprint {BECDF484-E0C1-4B5D-A326-01C0A93B62AB} \/hostname overlaps.contoso.com \/port 443\n<\/pre>\n\n\n\nWhen importing your certificate manually it is important that it is installed in the correct Certificate Store:<\/p>\n\n\n\n
- \n
- Third-Party certificates should be installed in the Current Computer \u2013 Trusted Root Certification Authorities<\/strong> store.<\/li>\n\n\n\n
- Self-Signed certificates should be installed into the Current Computer – Personal<\/strong> certificate store.<\/li>\n<\/ul>\n\n\n\n
Error 1312<\/h4>\n\n\n\n
An Error 1312 message is not uncommon here and can happen due to a number of reasons in the underlying Windows HTTP API code. Typically it means that when the certificate was imported, it wasn\u2019t marked to be persisted in the server\u2019s certificate cache. If this problem persists, try removing the certificate and re-installing it, or configuring manually using the \u201cnetsh\u201d command (see below).<\/p>\n\n\n\n
Configuring HTTPS manually<\/h3>\n\n\n\n
To configure HTTPS manually, first install your certificate file to the appropriate certificate store (see online for instruction on doing this). This will be the Current Computer \u2013 Trusted Root Certification Authorities<\/strong> store for third-party certificates (e.g. Thawte, Comodo SSL or Let’s Encrypt), or the Current Computer \u2013 Personal<\/strong> store for self-signed certificates.<\/p>\n\n\n\n
Once the certificate is installed, you can bind it to the OVERLAPS service by using the netsh command line utility as shown below:<\/p>\n\n\n\n
Bind to an IP Address and Port<\/h4>\n\n\n\n
netsh http add sslcert ipport=<ip address>:443 certhash=<thumbprint of your certificate> appid={4e893f69-206d-49e3-af7e-5813a2cf0281}\n<\/pre>\n\n\n\nBind to a Hostname and Port<\/h4>\n\n\n\n
netsh http add sslcert hostnameport=<servername>:443 certhash=<thumbprint of your certificate> appid={4e893f69-206d-49e3-af7e-5813a2cf0281} certstorename=<store>\n<\/pre>\n\n\n\nWhere \u201c<store><\/strong>\u201d will be either \u201cMY<\/strong>\u201d for the Personal store, or \u201cRoot<\/strong>\u201d for the Trusted Root Certification Authorities store.<\/p>\n\n\n\n
You should receive the message \u201cSSL Certificate successfully added<\/strong>\u201d. If, however, you receive the message \u201cA specified logon session does not exist<\/strong>\u201d, then the certificate could be installed in the wrong store, check that it is in the correct one before trying again.<\/p>\n\n\n\n
Enabling HTTPS in OVERLAPS<\/h3>\n\n\n\n
- Self-Signed certificates should be installed into the Current Computer – Personal<\/strong> certificate store.<\/li>\n<\/ul>\n\n\n\n
- Enter the domain and username<\/strong> of the user<\/li>\n\n\n\n
![\"Configuring](\"https:\/\/overlaps.co.uk\/docs\/wp-content\/uploads\/2026\/03\/configuration_utility_kerberos.png\")