Help: Unable to specify certificate for SSL binding ...

5 replies

Last post Mar 25, 2009 11:21 PM by thomad

  • Help: Unable to specify certificate for SSL binding ...

    Mar 22, 2009 03:03 AM|gpuja

    Hello,

    I am a PowerShell newbie ...

    I have a website with the following binding:

    https ps.proto.com 500 *

    I also have a certificate in the MY store.  I am trying to associate the SSL certificate with this binding using the following command, as specified in the PowerShell Walk-through and receiving the error below:

    PS IIS:\SslBindings> get-item cert:\LocalMachine\MY\BE4AF0CCD7D48001F887C1AFE10DEF8E3BDE52DD | new-item 0.0.0.0!500
    New-Item : Failed to create SSL binding. Error code 1312.
    At line:1 char:83
    + get-item cert:\LocalMachine\MY\BE4AF0CCD7D48001F887C1AFE10DEF8E3BDE52DD | new-item  <<<< 0.0.0.0!500

    Note that get-item cert:\LocalMachine\MY\BE4AF0CCD7D48001F887C1AFE10DEF8E3BDE52DD appears to succeed.  So it is definitely the "new-item" command that is failing.  I have other websites and bindings in my IIS server also.

    Any help is appreciated.

    Thanks!

  • Re: Help: Unable to specify certificate for SSL binding ...

    Mar 24, 2009 02:04 AM|thomad

    Can you send the output of the command "netsh http show ssl"?

     

    Thanks,

    Thomas Deml
    Group Program Manager
    Internet Information Services
    Microsoft Corp.
  • Re: Help: Unable to specify certificate for SSL binding ...

    Mar 24, 2009 02:18 AM|gpuja

    thomad

    Can you send the output of the command "netsh http show ssl"?

     

    Thanks,

    PS IIS:\SslBindings> netsh http show ssl

    SSL Certificate bindings:
    -------------------------

        IP:port                 : 0.0.0.0:443
        Certificate Hash        : 33852174a38c7978d3135473379cbbd8380d9e65
        Application ID          : {4dc3e181-e14b-4a21-b022-59fc669b0914}
        Certificate Store Name  : MY
        Verify Client Certificate Revocation    : Enabled
        Verify Revocation Using Cached Client Certificate Only    : Disabled
        Usage Check    : Enabled
        Revocation Freshness Time : 0
        URL Retrieval Timeout   : 0
        Ctl Identifier          : (null)
        Ctl Store Name          : (null)
        DS Mapper Usage    : Disabled
        Negotiate Client Certificate    : Disabled

        IP:port                 : 0.0.0.0:445
        Certificate Hash        : 80c3e84976e0ca85f0398183af555d2bbd779c31
        Application ID          : {4dc3e181-e14b-4a21-b022-59fc669b0914}
        Certificate Store Name  : MY
        Verify Client Certificate Revocation    : Enabled
        Verify Revocation Using Cached Client Certificate Only    : Disabled
        Usage Check    : Enabled
        Revocation Freshness Time : 0
        URL Retrieval Timeout   : 0
        Ctl Identifier          : (null)
        Ctl Store Name          : (null)
        DS Mapper Usage    : Disabled
        Negotiate Client Certificate    : Disabled

        IP:port                 : 0.0.0.0:500
        Certificate Hash        : 33852174a38c7978d3135473379cbbd8380d9e65
        Application ID          : {4dc3e181-e14b-4a21-b022-59fc669b0914}
        Certificate Store Name  : MY
        Verify Client Certificate Revocation    : Enabled
        Verify Revocation Using Cached Client Certificate Only    : Disabled
        Usage Check    : Enabled
        Revocation Freshness Time : 0
        URL Retrieval Timeout   : 0
        Ctl Identifier          : (null)
        Ctl Store Name          : (null)
        DS Mapper Usage    : Disabled
        Negotiate Client Certificate    : Disabled

        IP:port                 : 0.0.0.0:8172
        Certificate Hash        : 1890840c485bdfd14ee9334639a8a4d7f2cf99c7
        Application ID          : {00000000-0000-0000-0000-000000000000}
        Certificate Store Name  : MY
        Verify Client Certificate Revocation    : Enabled
        Verify Revocation Using Cached Client Certificate Only    : Disabled
        Usage Check    : Enabled
        Revocation Freshness Time : 0
        URL Retrieval Timeout   : 0
        Ctl Identifier          : (null)
        Ctl Store Name          : (null)
        DS Mapper Usage    : Disabled
        Negotiate Client Certificate    : Disabled

  • Re: Help: Unable to specify certificate for SSL binding ...

    Mar 24, 2009 02:53 AM|thomad

    Are you successful adding this certificate via the IIS Manager UI? There are a couple of entries that I find when I search for error 1312 and NETSH and they seem to indicate that something is wrong with the certificate.

     Thomas

     

    Thomas Deml
    Group Program Manager
    Internet Information Services
    Microsoft Corp.
  • Re: Help: Unable to specify certificate for SSL binding ...

    Mar 24, 2009 01:18 PM|gpuja

    You are correct - there seemed to be something wrong with the certificate.  Adding it through the UI gave me a weird error.  I tried another certificate and it worked with the PS command.

    I'd like to know how to tell that 1312 was the error code returned by netsh in this case?  What is the best way to debug/understand errors in PowerShell?  I am a PowerShell newbie ...

    Thanks for your help.

  • Re: Help: Unable to specify certificate for SSL binding ...

    Mar 25, 2009 11:21 PM|thomad

    The error actually comes back from the underlying layer (the HTTP.SYS certificate API). If you search for 1312 and certificates you will find similar issues with the tools/APIs underneath.

    Hope this helps

    Thomas Deml
    Group Program Manager
    Internet Information Services
    Microsoft Corp.
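
One way to investigate the error discussed in this thread, as an added example that is not part of the original posts: it translates the Win32 code that HTTP.SYS returned into its system message, then checks the certificate properties an SSL binding depends on. The function name `Test-SslBindingCertificate` and its parameters are hypothetical; a certificate without a usable private key is a commonly reported cause of 1312, but the thread does not say what was wrong with this certificate.

```powershell
# Added example, not from the thread. Function and parameter names are hypothetical.
# Assumes PowerShell 3.0+ in an elevated session on the IIS server.
function Test-SslBindingCertificate {
    param(
        [Parameter(Mandatory = $true)] [string] $Thumbprint,
        [string] $IpPort     = '0.0.0.0:500',  # endpoint used in the thread
        [int]    $Win32Error = 1312            # code reported by New-Item
    )

    # Translate the Win32 code surfaced by the HTTP.SYS API into its system text.
    $win32 = New-Object System.ComponentModel.Win32Exception -ArgumentList $Win32Error

    # Load the certificate from the same store the binding command used.
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop

    # Collect Enhanced Key Usage OIDs; an absent EKU extension means "all purposes".
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    $ekuExt  = $cert.Extensions | Where-Object { $_ -is $ekuType }
    $ekus    = @()
    if ($ekuExt) { $ekus = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) }
    # 1.3.6.1.5.5.7.3.1 is the Server Authentication OID.
    $serverAuth = ($ekus.Count -eq 0) -or ($ekus -contains '1.3.6.1.5.5.7.3.1')

    $now = Get-Date
    [pscustomobject]@{
        Win32Message   = $win32.Message
        Subject        = $cert.Subject
        HasPrivateKey  = $cert.HasPrivateKey
        WithinValidity = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
        ServerAuthEku  = $serverAuth
        # Existing HTTP.SYS registration for this endpoint, if any.
        CurrentBinding = (netsh http show sslcert "ipport=$IpPort" | Out-String).Trim()
    }
}

# Thumbprint taken from the original post.
Test-SslBindingCertificate -Thumbprint 'BE4AF0CCD7D48001F887C1AFE10DEF8E3BDE52DD' |
    Format-List

# After any failed command, the newest error record carries the full exception
# chain, which shows which layer raised the error.
$Error[0] | Format-List * -Force
$Error[0].Exception | Format-List * -Force
```

A `HasPrivateKey` value of `False`, an expired validity window, or a missing Server Authentication usage each point at the certificate rather than at the PowerShell command.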