SSL Certificate add failed when binding to port

Question

I created a WebService using WCF. I'm doing self hosting and I want to enable HTTPS. From my understanding for this to happen, I need to create a certificate and bind to the port that I want to use.

Here are the steps that I've done to handle this:

1. Created a Certificate on my local machine to act as the Root Certificate Authority
   • makecert -n "CN=My Root Certificate Authority" -r -sv RootCATest.pvk RootCATest.cer
2. Opened MMC.exe and imported the saved .cer file into the "Trusted Root Certificate\Certificates\ folder
   • makecert -sk MyKeyName -iv RootCATest.pvk -n "CN=MyMachineName" -ic RootCATest.cer -sr localmachine -ss my -sky exchange -pe MyMachineName.cer

3. Created a temporary service certificate from the signed Root Certificate Authority

   • makecert -sk MyKeyName -iv RootCATest.pvk -n "CN=MyMachineName" -ic RootCATest.cer -sr localmachine -ss my -sky exchange -pe MyMachineName.cer

4. Tried to Bind the Certificate to the Port number (443 in this case)

   • netsh http add sslcert ipport=0.0.0.0:443 certhash=2c5ba85bcbca412a74fece02878a44b285c63981 appid={646937c0-1042-4e81-a3b6-47d678d68ba9}

The result from step 4 is the following error:

SSL Certificate add failed, Error 1312

A specified logon session does not exist. It may already have been terminated.

Does anyone have a clue why I might be getting this error?

Answer 1

I had the same error. The first time it occurred, as Micheal said, I had to move the certificate under Certificates(Local Computer) -->Personal -->Certificate folder. I had the same error when I imported the same certificate on another machine. The reason was that I was using certmgr.msc to import the certificate. . The window opened thus shows “Certificates – Current User”. Certificates imported using this window cause netsh to fail with the 1312 error. Make sure to use certificate snap-in in MMC to import certificates. The certificate snap-in from MMC shows “Certificates (Local Computer)”. This lets the netsh execution sail through.

Answer 2

SSL Certificate add failed, Error 1312  A specified logon session does not exist. It may already have been terminated. 

I used to have the exact same problem and spent a couple days trying to figure out what the reason was.

To make the long story short: the problem is that you have installed the certificate on the winrm server that does not have PRIVATE KEY.

I have checked this several times. You have to delete your certificate and rebuild it by using makecert for instance, as it is described perfectly here: http://blogs.technet.com/b/jhoward/archive/2005/02/02/365323.aspx

You can easily check if your certificate has private a key as so: mmc - certificates - local machine - personal. Look at the icon of the certificate - it MUST have key sign on the icon.