none
SSL Certificate add failed, Error: 1312

    Question

  • I'm trying to connect a SSL cert to my http listener application. I'm running on Windows Server 2008 SP2.

    I'm using the netsh http command such as the following to do this.

    add sslcert ipport=10.0.0.1:443 certhash=somelongcerthash appid={somelongappid}

    When I use the command I get the following error message.

    SSL Certificate add failed, Error: 1312
    A specified logon session does not exist. It may already have been terminated.

    I'm logged onto the server as a domain admin when I run the command.

    I previously had this application setup to use SSL on a different port with the same cert, the application ran fine for a few weeks.

    I was in the process of switching the application onto port 443 when this error started to occur.

    As part of the switch I found the cert was also defined for a web site. I undefined the SSL and port binding for the web site. I reconnected to cert to the old Port and successfully test the application again, then deleted the binding using the "delete sslcert" command and attempt to use the same "add sslcert" command with port 443 and got the failure. Now I can't use the add sslcert command no matter what port I specify without getting the failure message.

    Microsoft has a fix for this error message for Windows 7 and Windows Server 2008 R2, but not Windows Server 2008 SP2.

    Googling around I see a number of other people that have run into this issue but don't see any remedies that work for me.

    --Mark

    Friday, August 06, 2010 4:59 PM

Answers

All replies

  • Hi Mark,

    This KB might help you

    http://support.microsoft.com/kb/981506

    Monday, August 23, 2010 11:29 AM
  • I tried a new certificate and it worked fine.

    I exported the problem certificate throught he MMC Certificates plugin assuming that a full cert would be created, but this cert didn't work.

     

    --Mark

    • Marked as answer by Mark Sweat Monday, August 30, 2010 7:10 PM
    Monday, August 30, 2010 7:10 PM
  • For anyone else having the same problem: Check that the certhash you are using is for a certificate that actually exists on the server - this error can also be caused by having the wrong value.
    Tuesday, March 22, 2011 10:57 AM
  • Also make sure you've installed the certificate in the service account (MMC -> add snap-in -> certificates -> computer account) and NOT in your personal account.

    http.sys requires the certificate to be visible to the system.

    • Proposed as answer by luboshasko Sunday, March 25, 2012 2:36 PM
    Saturday, November 12, 2011 11:08 PM
  • Simon Mattes: May the God of Coders (wherever he is) bless you for eternity. I spent more than an hour going through possible fixes (even tried to install the hotfix mentioned in a posting above) with no luck, until I read your posting and....it worked. It's funny how the simplest fixes are sometimes the hardest ones to find. THANKS!!!
    Wednesday, December 07, 2011 7:36 PM
  • Aside from the fact that the cert should be installed in LocalComputer->Personal, make sure that the entire cert path has also been installed.

    In general, it is better NOT to right-click the .p12 (or other cert format file) and select the import wizard, but rather go into MMC/Certificates/LocalComputer/Personal and call the import wizard from there. Don't ask me why.

    Thursday, August 23, 2012 8:26 AM
  • This page helped me get it working too.... thanks.

    Before, I was getting this error:

    SSL Certificate add failed, Error: 1312
    A specified logon session does not exist. It may already have been terminated.

    Here are some more explicit instructions on how I corrected it:

    Importing an Existing Certificate
        - Run mmc.exe.
       - Go to File-> Add/Remove Snap-In
        -   Choose the Certificates snap-in.
        - Select Computer Account
        -
    Navigate to:
    Certificates (Local Computer)\Personal\Certificates
        - Right click the Certificates folder and choose All Tasks -> Import.
        - Follow the wizard instructions to select the certificate.

    Once imported, then re-run the command from an Administrator command prompt, e.g.:

    C:\Windows\system32>netsh http add sslcert ipport=0.0.0.0:443 appid="{EEEB9DB1-0000-1111-2222-1380C8EBEF53}" certhash=2ca58888882790a218b7bab15088b157c89ccccc




    Christopher Scholten 龘龗蘇

    Thursday, August 01, 2013 9:54 PM
  • I also had to deal with this recently. I found this solution that worked for me:  http://stackoverflow.com/a/19766650/481656

    Regards, Hassan Gulzar

    Thursday, November 07, 2013 8:19 AM
  • Another possible cause: selecting "Strong Security" when importing the cert. If you install the cert by right-clicking the pfx file, make sure NOT to select Strong Security".
    Sunday, February 09, 2014 12:44 PM