
How to register a certificate to a port when the cert is in a custom location using netsh

My certificate is stored in a custom store under "Certificates(Local Computer)" instead of under "Personal".

Normally, if the cert is located under Personal, I just use C:>netsh http add sslcert ipport:0.0.0.0: certhash= appid= certstorename=MY

where, certstorename=MY is already assumed by default if not specified.

This works fine until we were required to store the certificate in a custom store other than the existing personal, trusted people, trusted publishers, etc. etc.

  • If we called our new store "my cert store", what would the new netsh command look like?
  • How does the word "MY" map to the "Personal" store? Is there a dictionary someplace that maps these?

I checked the System.Security.Cryptography.X509Certificates namespace and there exists an enum called StoreName with the following values:

  • AddressBook - The X.509 certificate store for other users.
  • AuthRoot - The X.509 certificate store for third-party certificate authorities (CAs).
  • CertificateAuthority - The X.509 certificate store for intermediate certificate authorities (CAs).
  • Disallowed - The X.509 certificate store for revoked certificates.
  • My - The X.509 certificate store for personal certificates.
  • Root - The X.509 certificate store for trusted root certificate authorities (CAs).
  • TrustedPeople - The X.509 certificate store for directly trusted people and resources.
  • TrustedPublisher - The X.509 certificate store for directly trusted publishers.

I tried all of them on the netsh command as certstorename and I always get this error:

SSL Certificate add failed, Error:1312 A specified logon session does not exist. It may already have been terminated.

asked Aug 07 '09 17:08

Derrick




1 Answer

What you are trying to do seems correct. Could you retry after applying hotfix http://support.microsoft.com/kb/981506 for a problem which actually matches your symptoms exactly?

answered Oct 01 '22 00:10

kroonwijk
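
The binding step from the question with its preconditions checked first, as an added PowerShell example that is not part of the original question or answer: it confirms that the store name passed as certstorename exists under Local Computer, and that the certificate is in that store with a private key, before calling netsh. The script and its parameter names are assumptions; the thumbprint, port and application GUID are supplied by the caller.

```powershell
param(
    [Parameter(Mandatory)] [string] $Thumbprint,  # SHA-1 thumbprint of the certificate
    [Parameter(Mandatory)] [string] $IpPort,      # e.g. 0.0.0.0:<port>
    [Parameter(Mandatory)] [guid]   $AppId,       # GUID identifying the owning application
    [string] $StoreName = 'my cert store'         # custom store name used in the question
)

# certstorename takes the store's system name (the child name on the Cert: drive),
# not the label shown in the MMC snap-in ("My" is displayed there as "Personal").
$stores = Get-ChildItem -Path Cert:\LocalMachine | Select-Object -ExpandProperty Name
if ($stores -notcontains $StoreName) {
    throw "Store '$StoreName' not found under Cert:\LocalMachine. Found: $($stores -join ', ')"
}

# Thumbprints pasted from the certificate dialog can carry spaces or invisible
# characters, so keep only the hex digits before comparing.
$hash = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($hash.Length -ne 40) {
    throw "Expected a 40-character SHA-1 thumbprint, got $($hash.Length) hex characters."
}

$cert = Get-ChildItem -LiteralPath "Cert:\LocalMachine\$StoreName" |
        Where-Object { $_.Thumbprint -eq $hash }
if (-not $cert) {
    throw "No certificate with thumbprint $hash in Cert:\LocalMachine\$StoreName."
}

# A server certificate is only usable for the binding if its private key is present.
if (-not $cert.HasPrivateKey) {
    throw "Certificate $hash has no private key in this store."
}

# Assumption: netsh accepts a store name containing spaces when it is passed as a
# single quoted argument, which is how PowerShell forwards this array element.
$netshArgs = @(
    'http', 'add', 'sslcert',
    "ipport=$IpPort",
    "certhash=$hash",
    "appid={$AppId}",
    "certstorename=$StoreName"
)
& netsh @netshArgs
if ($LASTEXITCODE -ne 0) {
    throw "netsh http add sslcert failed with exit code $LASTEXITCODE."
}

# Show the resulting binding so the store name and hash can be reviewed.
& netsh http show sslcert "ipport=$IpPort"
```

Run it from an elevated prompt, since changing HTTP.sys bindings requires administrative rights.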