Thursday, March 17, 2011

Certificate port binding: SSL Certificate add failed, Error: 1312 A specified logon session does not exist. It may already have been terminated.

There are very annoying messages in Windows. I will talk here an in the next posts about some of the security related errors and how do they help you to understand the problem.


So here is the thing: you have just Installed the certificate in the certificate store, and you can visually see it, but when you try to bind it to the ip port using netsh or httpcfg (more on this here: http://msdn.microsoft.com/en-us/library/ms733768.aspx) you get an annoying message saying nothing:  A specified logon session does not exist. It may already have been terminated.

 Microsoft Windows [Version 6.1.7600]  
 Copyright (c) 2009 Microsoft Corporation. All rights reserved.  
 C:\Windows\system32>netsh http add sslcert ipport=0.0.0.0:443 certhash=3045c0dab3764dd641a3742253c9b22e07acf645 appid={11223344-4455-6677-8899-AABBCCDDEEFF} clientcertnegotiation=enable  
 SSL Certificate add failed, Error: 1312  
 A specified logon session does not exist. It may already have been terminated.  

So after some time, of investigating the issue, it seems that the problem is that the certificate must be in the local machine store to be successfully binded with the port. All you have to do is to drag and drop it there



Moving cert with drag and drop is a simple operation. It copies the cert and it's private key.





So now the same command should work



 C:\Windows\system32>netsh http add sslcert ipport=0.0.0.0:443 certhash=3045c0dab3764dd641a3742253c9b22e07acf645 appid={11223344-4455-6677-8899-AABBCCDDEEFF} clientcertnegotiation=enable  
 SSL Certificate successfully added  
 C:\Windows\system32>

4 comments:

  1. This was bang on the money for setting up TFS Build agents to use SSL. Most useful, thank you.

    ReplyDelete
  2. I realize those are forsbobet doggies but I would be hard pressed not to eat one ;)

    ReplyDelete
  3. Thank you so much, I looked all over the place for a fix, and this was the best solution. Even installed the hot-fix :{

    ReplyDelete