« Previous Next »

• 03-22-2009, 3:03 AM

  gpuja Joined on 01-06-2009, 7:09 PM Posts 23

  Help: Unable to specify certificate for SSL binding ... Reply Contact Hello, I am a PowerShell newbie ... I have a website with the following binding: https ps.proto.com 500 * I also have a certificate in the MY store.  I am trying to associate the SSL certificate with this binding using the following command, as specified in the PowerShell Walk-through and receiving the error below: PS IIS:\SslBindings> get-item cert:\LocalMachine\MY\BE4AF0CCD7D48001F887C1AFE10DEF8E3BDE52DD | new-item 0.0.0.0!500 New-Item : Failed to create SSL binding. Error code 1312. At line:1 char:83 + get-item cert:\LocalMachine\MY\BE4AF0CCD7D48001F887C1AFE10DEF8E3BDE52DD | new-item  <<<< 0.0.0.0!500 Note that get-item cert:\LocalMachine\MY\BE4AF0CCD7D48001F887C1AFE10DEF8E3BDE52DD appears to succeed.  So it is definitely the "new-item" command that is failing.  I have other websites and bindings in my IIS server also. Any help is appreciated. Thanks!

• 03-24-2009, 2:04 AM

  In reply to

  thomad Joined on 08-20-2002, 11:28 AM Redmond Posts 503	Re: Help: Unable to specify certificate for SSL binding ... Reply Contact Can you send the output of the commnand "netsh http show ssl"?   Thanks, Thomas Deml Program Manager Internet Information Services Microsoft Corp.

• 03-24-2009, 2:18 AM

  In reply to

  gpuja Joined on 01-06-2009, 7:09 PM Posts 23

  Re: Help: Unable to specify certificate for SSL binding ... Reply Contact thomad: Can you send the output of the commnand "netsh http show ssl"?   Thanks, PS IIS:\SslBindings> netsh http show ssl SSL Certificate bindings: -------------------------     IP:port                 : 0.0.0.0:443     Certificate Hash        : 33852174a38c7978d3135473379cbbd8380d9e65     Application ID          : {4dc3e181-e14b-4a21-b022-59fc669b0914}     Certificate Store Name  : MY     Verify Client Certificate Revocation    : Enabled     Verify Revocation Using Cached Client Certificate Only    : Disabled     Usage Check    : Enabled     Revocation Freshness Time : 0     URL Retrieval Timeout   : 0     Ctl Identifier          : (null)     Ctl Store Name          : (null)     DS Mapper Usage    : Disabled     Negotiate Client Certificate    : Disabled     IP:port                 : 0.0.0.0:445     Certificate Hash        : 80c3e84976e0ca85f0398183af555d2bbd779c31     Application ID          : {4dc3e181-e14b-4a21-b022-59fc669b0914}     Certificate Store Name  : MY     Verify Client Certificate Revocation    : Enabled     Verify Revocation Using Cached Client Certificate Only    : Disabled     Usage Check    : Enabled     Revocation Freshness Time : 0     URL Retrieval Timeout   : 0     Ctl Identifier          : (null)     Ctl Store Name          : (null)     DS Mapper Usage    : Disabled     Negotiate Client Certificate    : Disabled     IP:port                 : 0.0.0.0:500     Certificate Hash        : 33852174a38c7978d3135473379cbbd8380d9e65     Application ID          : {4dc3e181-e14b-4a21-b022-59fc669b0914}     Certificate Store Name  : MY     Verify Client Certificate Revocation    : Enabled     Verify Revocation Using Cached Client Certificate Only    : Disabled     Usage Check    : Enabled     Revocation Freshness Time : 0     URL Retrieval Timeout   : 0     Ctl Identifier          : (null)     Ctl Store Name          : (null)     DS Mapper Usage    : Disabled     Negotiate Client Certificate    : Disabled     IP:port                 : 0.0.0.0:8172     Certificate Hash        : 1890840c485bdfd14ee9334639a8a4d7f2cf99c7     Application ID          : {00000000-0000-0000-0000-000000000000}     Certificate Store Name  : MY     Verify Client Certificate Revocation    : Enabled     Verify Revocation Using Cached Client Certificate Only    : Disabled     Usage Check    : Enabled     Revocation Freshness Time : 0     URL Retrieval Timeout   : 0     Ctl Identifier          : (null)     Ctl Store Name          : (null)     DS Mapper Usage    : Disabled     Negotiate Client Certificate    : Disabled

• 03-24-2009, 2:53 AM

  In reply to

  thomad Joined on 08-20-2002, 11:28 AM Redmond Posts 503	Re: Help: Unable to specify certificate for SSL binding ... Reply Contact Are you successful adding this certificate via the IIS Manager UI? There are a couple of entries that I find when I search for error 1312 and NETSH and they seem to indicate that something is wrong with the certificate.  Thomas   Thomas Deml Program Manager Internet Information Services Microsoft Corp.

• 03-24-2009, 1:18 PM

  In reply to

  gpuja Joined on 01-06-2009, 7:09 PM Posts 23

  Re: Help: Unable to specify certificate for SSL binding ... Reply Contact You are correct - there seemed to be something wrong with the certificate.  Adding it through the UI gave me a weird error.  I tried another certificate and it worked with the PS command. I'd like to know how to tell that 1312 was the error code returned by netsh in this case?  What is the best way to debug/understand errors in PowerShell?  I am a PowerShell newbie ... Thanks for your help.

• 03-25-2009, 11:21 PM

  In reply to

  thomad Joined on 08-20-2002, 11:28 AM Redmond Posts 503	Re: Help: Unable to specify certificate for SSL binding ... Reply Contact The error actually comes back from the underlying layer (the HTTP.SYS certificate API). If you search for 1312 and certificates you will find similar issues with the tools/APIs underneath. Hope this helps Thomas Deml Program Manager Internet Information Services Microsoft Corp.