SSL Certificate add failed, Error: 1312
-
Friday, August 06, 2010 4:59 PM
I'm trying to connect a SSL cert to my http listener application. I'm running on Windows Server 2008 SP2.
I'm using the netsh http command such as the following to do this.
add sslcert ipport=10.0.0.1:443 certhash=somelongcerthash appid={somelongappid}
When I use the command I get the following error message.
SSL Certificate add failed, Error: 1312
A specified logon session does not exist. It may already have been terminated.I'm logged onto the server as a domain admin when I run the command.
I previously had this application setup to use SSL on a different port with the same cert, the application ran fine for a few weeks.
I was in the process of switching the application onto port 443 when this error started to occur.
As part of the switch I found the cert was also defined for a web site. I undefined the SSL and port binding for the web site. I reconnected to cert to the old Port and successfully test the application again, then deleted the binding using the "delete sslcert" command and attempt to use the same "add sslcert" command with port 443 and got the failure. Now I can't use the add sslcert command no matter what port I specify without getting the failure message.
Microsoft has a fix for this error message for Windows 7 and Windows Server 2008 R2, but not Windows Server 2008 SP2.
Googling around I see a number of other people that have run into this issue but don't see any remedies that work for me.
--Mark
All Replies
-
Monday, August 23, 2010 11:29 AM
- Marked As Answer by Tim QuanModerator Monday, August 30, 2010 9:21 AM
-
Monday, August 30, 2010 7:10 PM
I tried a new certificate and it worked fine.
I exported the problem certificate throught he MMC Certificates plugin assuming that a full cert would be created, but this cert didn't work.
--Mark
- Marked As Answer by Mark Sweat Monday, August 30, 2010 7:10 PM
-
Tuesday, March 22, 2011 10:57 AMFor anyone else having the same problem: Check that the certhash you are using is for a certificate that actually exists on the server - this error can also be caused by having the wrong value.
-
Saturday, November 12, 2011 11:08 PM
Also make sure you've installed the certificate in the service account (MMC -> add snap-in -> certificates -> computer account) and NOT in your personal account.
http.sys requires the certificate to be visible to the system.
- Proposed As Answer by lubosh000 Sunday, March 25, 2012 2:36 PM
-
Wednesday, December 07, 2011 7:36 PMSimon Mattes: May the God of Coders (wherever he is) bless you for eternity. I spent more than an hour going through possible fixes (even tried to install the hotfix mentioned in a posting above) with no luck, until I read your posting and....it worked. It's funny how the simplest fixes are sometimes the hardest ones to find. THANKS!!!
-
Thursday, August 23, 2012 8:26 AM
Aside from the fact that the cert should be installed in LocalComputer->Personal, make sure that the entire cert path has also been installed.
In general, it is better NOT to right-click the .p12 (or other cert format file) and select the import wizard, but rather go into MMC/Certificates/LocalComputer/Personal and call the import wizard from there. Don't ask me why.
.png)
