SSL Certificate add failed, Error: 1312

  • Question

  • I'm trying to connect an SSL cert to my HTTP listener application. I'm running on Windows Server 2008 SP2.

    I'm using the netsh http command such as the following to do this.

    add sslcert ipport= certhash=somelongcerthash appid={somelongappid}

    When I use the command I get the following error message.

    SSL Certificate add failed, Error: 1312
    A specified logon session does not exist. It may already have been terminated.

    I'm logged onto the server as a domain admin when I run the command.

    I previously had this application set up to use SSL on a different port with the same cert, and the application ran fine for a few weeks.

    I was in the process of switching the application onto port 443 when this error started to occur.

    As part of the switch I found the cert was also defined for a web site. I undefined the SSL and port binding for the web site. I reconnected the cert to the old port and successfully tested the application again, then deleted the binding using the "delete sslcert" command and attempted to use the same "add sslcert" command with port 443 and got the failure. Now I can't use the add sslcert command no matter what port I specify without getting the failure message.

    Microsoft has a fix for this error message for Windows 7 and Windows Server 2008 R2, but not Windows Server 2008 SP2.

    Googling around I see a number of other people that have run into this issue but don't see any remedies that work for me.


    Friday, August 6, 2010 4:59 PM


All replies

  • Hi Mark,

    This KB might help you

    Monday, August 23, 2010 11:29 AM
  • I tried a new certificate and it worked fine.

    I exported the problem certificate through the MMC Certificates plugin assuming that a full cert would be created, but this cert didn't work.



    • Marked as answer by Mark Sweat Monday, August 30, 2010 7:10 PM
    Monday, August 30, 2010 7:10 PM
  • For anyone else having the same problem: Check that the certhash you are using is for a certificate that actually exists on the server - this error can also be caused by having the wrong value.
    Tuesday, March 22, 2011 10:57 AM
  • Also make sure you've installed the certificate in the service account (MMC -> add snap-in -> certificates -> computer account) and NOT in your personal account.

    http.sys requires the certificate to be visible to the system.

    • Proposed as answer by luboshasko Sunday, March 25, 2012 2:36 PM
    Saturday, November 12, 2011 11:08 PM
  • Simon Mattes: May the God of Coders (wherever he is) bless you for eternity. I spent more than an hour going through possible fixes (even tried to install the hotfix mentioned in a posting above) with no luck, until I read your posting worked. It's funny how the simplest fixes are sometimes the hardest ones to find. THANKS!!!
    Wednesday, December 7, 2011 7:36 PM
  • Aside from the fact that the cert should be installed in LocalComputer->Personal, make sure that the entire cert path has also been installed.

    In general, it is better NOT to right-click the .p12 (or other cert format file) and select the import wizard, but rather go into MMC/Certificates/LocalComputer/Personal and call the import wizard from there. Don't ask me why.

    • Proposed as answer by deivid79 Tuesday, August 13, 2019 5:13 PM
    Thursday, August 23, 2012 8:26 AM
  • This page helped me get it working too.... thanks.

    Before, I was getting this error:

    SSL Certificate add failed, Error: 1312
    A specified logon session does not exist. It may already have been terminated.

    Here are some more explicit instructions on how I corrected it:

    Importing an Existing Certificate
        - Run mmc.exe.
        - Go to File -> Add/Remove Snap-In.
        - Choose the Certificates snap-in.
        - Select Computer Account.
        - Navigate to: Certificates (Local Computer)\Personal\Certificates
        - Right click the Certificates folder and choose All Tasks -> Import.
        - Follow the wizard instructions to select the certificate.

    Once imported, then re-run the command from an Administrator command prompt, e.g.:

    C:\Windows\system32>netsh http add sslcert ipport= appid="{EEEB9DB1-0000-1111-2222-1380C8EBEF53}" certhash=2ca58888882790a218b7bab15088b157c89ccccc

    Christopher Scholten 龘龗蘇

    • Proposed as answer by deivid79 Tuesday, August 13, 2019 5:14 PM
    Thursday, August 1, 2013 9:54 PM
  • I also had to deal with this recently. I found this solution that worked for me:

    Regards, Hassan Gulzar

    Thursday, November 7, 2013 8:19 AM
  • Another possible cause: selecting "Strong Security" when importing the cert. If you install the cert by right-clicking the pfx file, make sure NOT to select "Strong Security".
    • Proposed as answer by sekaita Friday, March 10, 2017 1:30 PM
    Sunday, February 9, 2014 12:44 PM
  • I have also experienced this issue, and although the above responses may have fixed their issues, the crux of the problem I found was that the private key for the certificate was not installed. In the two instances I have recently come across, the complete public key chain had been installed but the private keys were missing. Evidently someone had created the key pair on a separate machine and sent the certificate request off to be signed. When the signed key was returned they only installed the public key chain on the machine needing the certificate. I needed to combine the public and private key pair into a PFX file and import.


    Tuesday, February 9, 2016 3:16 PM
  • Hi Mark,

    I met the same issue as yours. Here is what I did for troubleshooting.

    Check where your cert was requested. If you requested it in the "Personal" store, you need to keep your cert in "Personal".

    I accidentally moved the cert into "Trusted Root", and then it came up with Error 1312.

    But when I moved the cert back to "Personal", the cert could be added successfully.

    Just providing you a way to test if the above methods don't work.

    Wednesday, June 8, 2016 8:37 AM
  • Thank you Jewettware.  This has been driving me crazy.  Including the private key was the fix for me.
    Tuesday, May 30, 2017 10:38 PM
  • Thank you for your help!
    Tuesday, August 13, 2019 5:13 PM
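
The causes reported in the replies above (a certhash that matches no certificate on the server, a certificate imported into a user store or moved out of Personal, a missing private key, an incomplete certificate path) can be checked in one pass before running netsh. The following is an added example, not code posted by anyone in this thread; the function name Test-SslCertForHttpSys and the '<certhash>' placeholder are assumptions made for illustration, and PowerShell 2.0 or later is assumed.

```powershell
# Added example: pre-flight checks before "netsh http add sslcert".
# Run elevated. $Thumbprint is a placeholder for your certhash= value.
param([string]$Thumbprint = '<certhash>')

function Test-SslCertForHttpSys([string]$Thumbprint) {
    $r = New-Object PSObject -Property @{
        Thumbprint = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
        InLocalMachineMy = $false; FoundIn = @(); HasPrivateKey = $false
        ChainBuilds = $false; ChainStatus = @()
    }
    # A SHA-1 thumbprint is 40 hex characters; anything else is a bad certhash.
    if ($r.Thumbprint.Length -ne 40) { return $r }

    # Every store (user and computer) that holds a certificate with this hash,
    # e.g. CurrentUser\My or LocalMachine\Root instead of LocalMachine\My.
    $r.FoundIn = @(Get-ChildItem Cert:\ -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.Thumbprint -eq $r.Thumbprint } |
        ForEach-Object { $_.PSParentPath -replace '^.*::', '' } |
        Select-Object -Unique)

    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $r.Thumbprint } | Select-Object -First 1
    if (-not $cert) { return $r }
    $r.InLocalMachineMy = $true

    # False when only the signed public certificate was installed.
    $r.HasPrivateKey = $cert.HasPrivateKey

    # Check that the whole certificate path is installed. Revocation lookups
    # are skipped so the check also works on servers without internet access.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $r.ChainBuilds = $chain.Build($cert)
    $r.ChainStatus = @($chain.ChainStatus | ForEach-Object { $_.Status })
    return $r
}

Test-SslCertForHttpSys $Thumbprint |
    Format-List Thumbprint, InLocalMachineMy, FoundIn, HasPrivateKey, ChainBuilds, ChainStatus
```

If InLocalMachineMy is False but FoundIn lists another store, the certificate was imported into or moved to the wrong place; once a binding is added successfully it appears in the output of netsh http show sslcert.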