Windows 10 20H2 prof. Self signed certificate produces error 1312 with netsh http add sslcert

  • Thread starter: Pedrodacosta

Pedrodacosta

Guest
I asked the question before but didn't get any response, so I'll try it here.


I am trying to write a service that answers localhost HTTPS requests and processes the form data.
For test purposes I generated a self-signed SSL certificate with makecert and openssl and added it to the root and personal certificates.

In both cases, when I try

    netsh http add sslcert ipport=0.0.0.0:8180 certhash=99858B7A5DF30E700653E7A832F21AB68722C93F appid={82f96a4e-ad9c-4448-9f69-e9e9150c661e}


I get error 1312: SSL certificate can't be added.

I checked in the personal certificate folder of the local machine as well as in the trusted root certificates; all certificates are present and valid.

makecert

    makecert -sky exchange -r -n "CN=SRRootCert,OU=myprog,O=company,L=city,S=NRW,C=DE" -pe -b 01/01/2021 -e 12/31/2031 -a sha256 -len 2048 -sv D:\Zertifikate\SRRootCA.pvk -ss SRCertStore D:\Zertifikate\SRRootCA.cer
    makecert -sk SRRootCert -iv D:\Zertifikate\SRRootCA.pvk -n "CN=SRServ" -a sha256 -len 2048 -ic D:\Zertifikate\SRRootCA.cer D:\Zertifikate\SRService.cer -sr localmachine -ss SRCertStore
    POWERSHELL Import-Certificate -FilePath "D:\Zertifikate\SRRootCA.cer" -CertStoreLocation Cert:\LocalMachine\Root
    POWERSHELL Import-Certificate -FilePath "D:\Zertifikate\SRService.cer" -CertStoreLocation Cert:\LocalMachine\My
    netsh http add sslcert ipport=0.0.0.0:8180 certhash=99858B7A5DF30E700653E7A832F21AB68722C93F appid={aaaaaa-aaaaaa-aaaa-aaaa-aaaaaaaaa}


And my try with openssl:

    openssl genrsa -des3 -out D:\Zertifikate\ServicerootCA.key 2048
    openssl req -x509 -new -nodes -key D:\Zertifikate\ServicerootCA.key -sha256 -days 4096 -out D:\Zertifikate\ServicerootCA.crt
    openssl genrsa -out D:\Zertifikate\SRClient.key 2048
    openssl req -new -sha256 -key D:\Zertifikate\SRClient.key -subj "/C=DE/ST=NRW/O=company/Lcity/CN=eService" -out D:\Zertifikate\SRClient.csr
    openssl req -in D:\Zertifikate\SRClient.csr -noout -text
    openssl x509 -req -in D:\Zertifikate\SRClient.csr -CA D:\Zertifikate\ServicerootCA.crt -CAkey D:\Zertifikate\ServicerootCA.key -CAcreateserial -out D:\Zertifikate\SRConnectClient.crt -days 4096 -sha256
    openssl x509 -in D:\Zertifikate\SRClient.crt -text -noout
    POWERSHELL Import-Certificate -FilePath "D:\Zertifikate\EServicerootCA.crt" -CertStoreLocation Cert:\LocalMachine\Root
    POWERSHELL Import-Certificate -FilePath "D:\Zertifikate\SRClient.crt" -CertStoreLocation Cert:\LocalMachine\My


and then

    netsh http add sslcert ipport=0.0.0.0:8180 certhash=99858B7A5DF30E700653E7A832F21AB68722C93F appid={aaaaaa-aaaaaa-aaaa-aaaa-aaaaaaaaa}



Every step is tested and runs without errors, files are created, checks run and finally they are added to the certificate storage, but it produces the error described above.

To test netsh http add sslcert, I bound another certificate that was made for us by an "official" CA and it runs.

So nothing basically is wrong with the final step, but I can't figure out why it will not accept the self-signed certificates, which
are, as shown in the image, registered and valid.

I also added the certificates with the MMC only to see if it makes any difference, which it didn't.

And I added the certificate to the personal folder.
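
A check to run before `netsh http add sslcert`, added here as an example and not part of the original post: HTTP.sys can only bind a certificate in `Cert:\LocalMachine\My` that has its private key attached, and a `.cer`/`.crt` file brought in with `Import-Certificate` carries only the public part, which is a common cause of error 1312. The function names `Test-SslCertBindable` and `Import-CertWithKey` and the `.pfx` output path are assumptions; the thumbprint and the key and certificate paths are the ones from the post.

```powershell
# Added example. Both function names are hypothetical helpers, not built-in cmdlets.
function Test-SslCertBindable {
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )
    $problems = @()
    # Strip spaces and invisible characters that come along when copying from the MMC dialog.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($clean.Length -ne 40) { $problems += 'Thumbprint is not 40 hex characters after cleanup' }

    $cert = Get-ChildItem -Path $StorePath | Where-Object { $_.Thumbprint -eq $clean }
    if (-not $cert) {
        $problems += "No certificate with thumbprint $clean in $StorePath"
    } else {
        # A public-only certificate shows up as present and valid in the store,
        # but HTTP.sys cannot use it for a TLS handshake.
        if (-not $cert.HasPrivateKey) { $problems += 'Certificate has no associated private key' }
        $now = Get-Date
        if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
            $problems += "Outside validity period ($($cert.NotBefore) to $($cert.NotAfter))"
        }
    }
    [pscustomobject]@{
        Thumbprint = $clean
        Bindable   = ($problems.Count -eq 0)
        Problems   = $problems
    }
}

function Import-CertWithKey {
    param(
        [Parameter(Mandatory)][string]$KeyFile,   # e.g. D:\Zertifikate\SRClient.key
        [Parameter(Mandatory)][string]$CertFile,  # e.g. D:\Zertifikate\SRConnectClient.crt
        [Parameter(Mandatory)][string]$PfxFile    # constructed path, e.g. D:\Zertifikate\SRClient.pfx
    )
    # Bundle key and certificate into one PKCS#12 file; openssl prompts for an export password.
    & openssl pkcs12 -export -inkey $KeyFile -in $CertFile -out $PfxFile
    if ($LASTEXITCODE -ne 0) { throw 'openssl pkcs12 -export failed' }
    $pw = Read-Host -AsSecureString -Prompt 'PFX password'
    # Import-PfxCertificate stores the private key together with the certificate.
    Import-PfxCertificate -FilePath $PfxFile -CertStoreLocation Cert:\LocalMachine\My -Password $pw
}

# Run from an elevated prompt; thumbprint taken from the post.
Test-SslCertBindable -Thumbprint '99858B7A5DF30E700653E7A832F21AB68722C93F' | Format-List
```

Delete the `.pfx` file and restrict access to the `.key` file once the import has succeeded, since both contain the private key.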
