Can't register a C# generated selfsigned SSL certificate with netsh (error 1312)

Question

I have created a self-signed SSL certificate via C# (bouncycastle). It shows up in the local computer / personal store and looks exactly like the already existing localhost certificate from Microsoft. If I show the properties, it says:

SSL Certificate add failed, Error: 1312 A specified logon session does not exist. It may already have been terminated.

However, if I want to register this certificate via netsh, I get an error:

netsh.exe http add sslcert ipport=0.0.0.0:{0} certhash={1} appid={2}

app-id being the GUID specified in the assemblyinfo.cs. certhash is the hash from the properties-page of the certificate.

I found several reasons why this can happen in numerous blog posts:

Use elevated privileges (I am doing this)
Make sure your certificate is registered in "local computer", not in "current user" - I have this.
Make sure the certificate has a private key (it has, as it is shown in the properties dialoge box).

None of them led to a success...

Same here! What's interesting the same code runs nice on some machines. And on others we get above error. Did you have a chance to fix it? (I'm using Windows 8) — Michael, Jul 08 '13 at 14:06

score 5 · Answer 1 · edited Jun 22 '14 at 17:10

5

Your problem is prior to the binding. I assume that the certificate is not correctly imported. When you load your certificate in C#, use:

var cert = new X509Certificate2("Path", "Pwd, X509KeyStorageFlags.MachineKeySet
                                              | X509KeyStorageFlags.PersistKeySet
                                              | X509KeyStorageFlags.Exportable);

And make sure that you store it in the local machine StoreLocation.LocalMachine:

var store = new X509Store(storeName, StoreLocation.LocalMachine);
store.Open(OpenFlags.MaxAllowed);
store.Add(cert);
store.Close();

edited Jun 22 '14 at 17:10

Peter Mortensen

30,738
21
105
131

answered Jun 10 '14 at 10:42

TomB

641
5
17

specifying the keyStorageFlags is what fixed it for me. It worked otherwise on Windows 7, but was not working without them on Windows 8. – brendonparker Mar 31 '15 at 19:59
The `Exportable` flag should not relate to this issue and might be unwanted. – Simon Opelt May 20 '15 at 08:11
Still no luck for me – user1034912 Jan 05 '19 at 10:15

score 0 · Answer 2 · edited Jun 22 '14 at 14:38

I had a similar problem today, and this is how I fixed it. When I have watched certificates installed on my local computer/my in mmc.exe, I have seen that my certificate haven't an icon with a key.

I combine *.cer and *.pvk file to *.pfx with:

pvk2pfx -pvk "private_key.pvk"  -spc "public.cert" -pfx "test.pfx"

And then import *.pfx file with mmc.exe.

Then the next commands will execute with no errors:

netsh http add sslcert...
netsh http delete sslcert...

score -1 · Answer 3 · edited Jun 22 '14 at 16:59

One additional check you have to make is: Is your certificate located under the "Personal" store under "Local Computer"? If not you will have to use the additional argument certstorename="<store>"

Where I determined the value to pass as <store> in the following way:

Open MMC and add the Certificates snap-in for the Local Computer account.
<store> is the name of the folder in which your certificate is located when you view it through this snap in.

By default, the value assumed for the certstorename is "MY" which denotes the "Personal" folder. So if you certificate is in the Personal folder then you wouldn't need to add this parameter.

Can't register a C# generated selfsigned SSL certificate with netsh (error 1312)

3 Answers3

Linked