Can't register a C# generated selfsigned SSL certificate with netsh (error 1312)

Submitted by 北城余情 on 2019-12-23 16:38:36

Question


I have created a self-signed SSL certificate via C# (bouncycastle). It shows up in the local computer / personal store and looks exactly like the already existing localhost certificate from Microsoft. If I show the properties, it says:

SSL Certificate add failed, Error: 1312 A specified logon session does not exist. It may already have been terminated.

However, if I want to register this certificate via netsh, I get an error:

netsh.exe http add sslcert ipport=0.0.0.0:{0} certhash={1} appid={2}

app-id being the GUID specified in the assemblyinfo.cs. certhash is the hash from the properties-page of the certificate.

I found several reasons why this can happen in numerous blog posts:

  • Use elevated privileges (I am doing this)
  • Make sure your certificate is registered in "local computer", not in "current user" - I have this.
  • Make sure the certificate has a private key (it has, as it is shown in the properties dialog box).

None of them led to a success...


Answer 1:


Your problem is prior to the binding. I assume that the certificate is not correctly imported. When you load your certificate in C#, use:

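using System.Security.Cryptography.X509Certificates;

// MachineKeySet puts the private key in the machine key store; PersistKeySet keeps it there after import.
var cert = new X509Certificate2("Path", "Pwd", X509KeyStorageFlags.MachineKeySet
                                              | X509KeyStorageFlags.PersistKeySet
                                              | X509KeyStorageFlags.Exportable);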

And make sure that you store it in the local machine StoreLocation.LocalMachine:

var store = new X509Store(storeName, StoreLocation.LocalMachine);
store.Open(OpenFlags.MaxAllowed);
store.Add(cert);
store.Close();



Answer 2:


I had a similar problem today, and this is how I fixed it. When I looked at the certificates installed under Local Computer/My in mmc.exe, I saw that my certificate didn't have an icon with a key.

I combined the *.cer and *.pvk files into a *.pfx with:

pvk2pfx -pvk "private_key.pvk"  -spc "public.cert" -pfx "test.pfx"

And then imported the *.pfx file with mmc.exe.

After that, the following commands execute with no errors:

netsh http add sslcert...
netsh http delete sslcert...



Answer 3:


One additional check you have to make is: Is your certificate located under the "Personal" store under "Local Computer"? If not, you will have to use the additional argument certstorename="<store>".

Where I determined the value to pass as <store> in the following way:

  1. Open MMC and add the Certificates snap-in for the Local Computer account.
  2. <store> is the name of the folder in which your certificate is located when you view it through this snap-in.

By default, the value assumed for the certstorename is "MY", which denotes the "Personal" folder. So if your certificate is in the Personal folder, then you wouldn't need to add this parameter.
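
The checks from the three answers above (certificate in a Local Computer store, private key present, key persisted in the machine key store) can be run in one pass before calling netsh. This is an added example, not code from the original question or answers; the tool name SslCertPreflight and its argument layout are hypothetical, and it assumes Windows with .NET Framework 4.6 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class SslCertPreflight
{
    // Hypothetical usage: SslCertPreflight <thumbprint> [storeName]
    static int Main(string[] args)
    {
        if (args.Length < 1) return Fail("usage: SslCertPreflight <thumbprint> [storeName]");
        // A hash copied from the certificate properties page can carry spaces
        // and invisible characters; keep only the hex digits.
        string thumb = new string(Array.FindAll(args[0].ToCharArray(), Uri.IsHexDigit));
        string storeName = args.Length > 1 ? args[1] : "MY"; // netsh default, see Answer 3
        try
        {
            using (var store = new X509Store(storeName, StoreLocation.LocalMachine))
            {
                store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
                var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumb, false);
                if (found.Count == 0) return Fail("not found in LocalMachine\\" + storeName);
                X509Certificate2 cert = found[0];
                if (!cert.HasPrivateKey) return Fail("certificate has no associated private key");
                using (RSA rsa = cert.GetRSAPrivateKey())
                {
                    if (rsa == null) return Fail("private key is not an RSA key");
                    // CSP-backed and CNG-backed keys expose the machine/user scope differently.
                    var csp = rsa as RSACryptoServiceProvider;
                    var cng = rsa as RSACng;
                    bool machineKey = csp != null ? csp.CspKeyContainerInfo.MachineKeyStore
                                    : cng != null && cng.Key.IsMachineKey;
                    if (!machineKey) return Fail("private key is not in the machine key store");
                }
                Console.WriteLine("OK: certhash=" + cert.Thumbprint + " certstorename=" + storeName);
                return 0;
            }
        }
        catch (CryptographicException e)
        {
            // Thrown when the store does not exist or the key container the
            // certificate points to cannot be opened.
            return Fail("store or private key not usable: " + e.Message);
        }
    }

    static int Fail(string reason)
    {
        Console.WriteLine("FAIL: " + reason);
        return 1;
    }
}
```

Run it from the same elevated prompt that will run netsh, so the key access check happens under the same account.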



Source: https://stackoverflow.com/questions/16729623/cant-register-a-c-sharp-generated-selfsigned-ssl-certificate-with-netsh-error
