Using netsh, bind an SSL certificate to a port number is failing

Question

I have followed the instructions in SSL with Self Hosted WCF Service. When I am trying to bind the certificate on Windows 7 using netsh as described in How to: Configure a Port with an SSL Certificate., it is failing as follows.

In Windows PowerShell

PS C:\> netsh http add sslcert ipport=0.0.0.0:8732 certhash=0000000000003ed9cd0c315bbb6dc1c08da5e6 appid={00112233-4455-6677-8899-AABBCCDDEEFF} Bad numeric constant: 224. At line:1 char:104 + netsh http add sslcert ipport=0.0.0.0:8732 certhash=0000000000003ed9cd0c315bbb6dc1c08da5e6 appid={001 <<<< 12233-4455-6677-8899-AABBCCDDEEFF} + CategoryInfo          : ParserError: (224:String) [], ParentContainsErrorRecordException + FullyQualifiedErrorId : BadNumericConstant 

In a command prompt

C:\>netsh http add sslcert ipport=0.0.0.0:8732 certhash=0000000000003ed9cd0c315bbb6dc1c08da5e6 appid={00112233-4455-6677-8899-AABBCCDDEEFF}  SSL Certificate add failed, Error: 1312 A specified logon session does not exist. It may already have been terminated. 

Answer 1

I fought with this forever to get my IIS Express to do SSL properly. It turns out my certificate was in the Trusted Root Certification Authorities store instead of the Personal Certificates store. This is what worked for me:

1. Make sure your certificate is in "Certificates(Local Computer)/Personal/Certificates"
2. netsh http add sslcert ipport=0.0.0.0:8732 certhash=0000000000003ed9cd0c315bbb6dc1c08da5e6 appid='{00112233-4455-6677-8899-AABBCCDDEEFF}'
3. SSL Certificate successfully added
4. Use MMC and drag certificate wherever you want it to go.

Answer 2

I have found 4 possible causes for error 1312 in my port bindings:

• The SSL cert is corrupt - you need to delete from the cert store and re-add.
• The SSL cert is lacking a private key - you need to delete from the cert store and re-add the full public/private cert, or otherwise attach the private key to your certificate.
• If installing on a pre-SP1 version of 2012R2, you may need KB 981506.
• You may have added the SSL cert to your user store, and not the local machine cert store - delete from the user store and add to the machine store.