Following the instructions on "How to: Configure a Port with an SSL Certificate" in this link: http://msdn.microsoft.com/en-us/library/ms733791.aspx, I entered this command on the commandline (duh):
> netsh http add sslcert ipport:10.141.146.227:7001 certhash=5d48e604007b867ae8a69260a4ad318d2c05d8ff appid={EDE3C891-306C-40fe-BAD4-895B236A1CC8}
The parameter is incorrect.
My certhash thumbprint was taken from the certificate in Certificates(Local Computer)>Personal>Certificates folder.
The appid GUID was generated.
What else is wrong that I need to fix to get this to work?
The PowerShell command line and PowerShell scripts in ps1 files will think curly braces {...} are PowerShell directives. So quote them. Otherwise, as you have seen, PowerShell will be confused.
So rather than this (which you found fails):
Do this (note the single quotes):
Here is some information about PowerShell syntax with curly braces:
http://danv74.wordpress.com/2012/07/12/powershell-and-the-hidden-art-of-curly-braces-and-other-braces/
I ran across this question while looking for a solution to the problem. I finally found one that worked for me.
My certhash parameter wasn't fully 20 bytes long. I had to pad it with zeroes in front to get it to work. So, instead of certhash=112233445566778899aabbccddeeff00, I had to do this: certhash=00000000112233445566778899aabbccddeeff00.
Hope this helps.
Using the Serial number instead of the Thumbprint for the certhash parameter will cause this error because of the difference in the amount of characters. Padding with 0s will change the error to SSL Certificate add failed, Error: 1312
I faced this problem several times and every time it had a different cause, so I decided to write the causes and exact command that worked for me.
Here are some causes:
1- Copying and pasting the certificate thumbprint from the Windows dialog adds a hidden character to your hash. It is not visible in text editors, but you need to remove the character to make it work.
2- SSL thumbprint should be available in Personal -> Certificates to work with localhost.
3- It should be 'ipport=' not 'ipport:'
4- SSL certificate should have a private key. If you are using the certificate management console, make sure that it has a little key icon on the certificate view.
5- GUID should be defined in full format: {a10b0420-a21f-45de-a1f8-818b5001145a}, and it should have one quote in PowerShell: '{a10b0420-a21f-45de-a1f8-818b5001145a}'. Thus, PowerShell format is different from command line.
6- SSL Cert should have complete characters with all padding '0's and without any space. You may copy the thumbprint (be careful to remove the special hidden character) and remove spaces, or use 'netsh http show sslcert' to get the value if the certificate is already registered for another address.
What worked for me:
Here is the exact command that worked for me in powershell:
And here is the command line statement:
More commands to help you avoid related problems:
Use the following command to see current registered certificate. You may find and reuse certhash or your appid from there:
If the certificate is already registered with a similar IP and port, you need to remove it. I found it causes problems with localhost, 127.0.0.1 and 0.0.0.0. You need to have only 0.0.0.0 registered in your testing environment. Use the following command to remove potentially corrupted certificates:
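Added example, not part of the original answer and not the removal command referred to above: the six causes in the list, turned into a PowerShell pre-flight check that runs before netsh is called. The pasted thumbprint, port and GUID are constructed sample values, the ipport pattern covers IPv4 only, and the script assumes an elevated PowerShell session.

```powershell
# Added example: normalize and verify the inputs, then call netsh.
# All values below are constructed samples; replace them with your own.

# A thumbprint as it might arrive from the certificate dialog: a leading
# invisible character (U+200E) and spaces between the bytes.
$pasted = "$([char]0x200E)00 00 00 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00"
$ipport = '0.0.0.0:7001'
$appid  = '{' + [guid]::NewGuid().ToString() + '}'   # any GUID in full brace format

# Causes 1 and 6: keep hex digits only. This drops the spaces and the hidden
# character, but keeps leading zeroes.
$certhash = ($pasted -replace '[^0-9A-Fa-f]', '').ToUpper()

# A thumbprint is 20 bytes, i.e. 40 hex digits. A shorter value is often the
# serial number or a thumbprint that lost its leading zeroes.
if ($certhash.Length -ne 40) {
    throw "certhash has $($certhash.Length) hex digits, expected 40"
}

# Causes 2 and 4: the certificate must be in Local Computer > Personal
# and must have a private key.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $certhash }
if (-not $cert) {
    throw "No certificate with thumbprint $certhash in Cert:\LocalMachine\My"
}
if (-not $cert.HasPrivateKey) {
    throw "Certificate $certhash has no private key"
}

# Cause 3: the endpoint is 'address:port' and is passed as ipport=, not ipport:
# (IPv4 form only in this check).
if ($ipport -notmatch '^\d{1,3}(\.\d{1,3}){3}:\d{1,5}$') {
    throw "Bad ipport value: $ipport"
}

# Cause 5: pass each argument as one quoted string so PowerShell never parses
# the braces of the GUID as a script block.
& netsh http add sslcert "ipport=$ipport" "certhash=$certhash" "appid=$appid"
if ($LASTEXITCODE -ne 0) {
    throw "netsh exited with code $LASTEXITCODE"
}
```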
I must have ended up mangling the relationship between VS and IIS Express by deleting the localhost certificate. I was really stuck. The app wouldn't start and nothing I could do seemed to correct this disconnect (which is what brought me to this thread to begin with).
I was finally able to get over the issue by changing the assigned port on the non-SSL URL (launchSettings.json in .NET Core apps) and disabling the Enable SSL checkbox in the project settings and taking a fresh start. I was then able to add my newly created cert with this command:
netsh http add sslcert ipport=0.0.0.0:44392 appid={214124cd-d05b-4309-9af9-9caa44b2b74b} certhash=A0ADC1A1002F288CCFA96261F9F352D28C675A90
Also, note that the appid variable is not a reflection of your VS project AppID (or at least it doesn't have to be). It's just an arbitrary GUID, according to Scott Hanselman:
This was not obvious to me and made dealing with the "parameter is incorrect" error that much more obscure.
If you're experiencing similar issues, good luck. I believe in you. Ping me if you're feeling lost and alone. Maybe I can remember something by then! :D
Looking at the syntax for the netsh command, I saw this example:
By the looks of it, your problem is that you're doing
as opposed to