Why is the netsh http add sslcert throwing error from Powershell ps1 file?

I am trying to add an sslcert using netsh http from within a powershell ps1 file, but it keeps throwing errors:

$guid = [guid]::NewGuid()

netsh http add sslcert ipport=0.0.0.0:443 certhash=5758B8D8248AA8B4E91DAA46F069CC1C39ABA718 appid={$guid} 


'JABnAHUAaQBkAA' is not a valid argument for this command.
 The syntax supplied for this command is not valid. Check help for the correct syntax.

  Usage: add sslcert [ipport=]<IP Address:port>
         [certhash=]<string>
         [appid=]<GUID>
         [[certstorename=]<string>
          [verifyclientcertrevocation=]enable|disable
          [verifyrevocationwithcachedclientcertonly=]enable|disable
          [usagecheck=]enable|disable
          [revocationfreshnesstime=]<u-int>
          [urlretrievaltimeout=]<u-int>
          [sslctlidentifier=]<string>
          [sslctlstorename=]<string>
          [dsmapperusage=]enable|disable
          [clientcertnegotiation=]enable|disable]

Parameters:

    Tag                       Value

    ipport                  - IP address and port for the binding.
    certhash                - The SHA hash of the certificate. This hash
                              is 20 bytes long and specified as a hex
                              string.
    appid                   - GUID to identify the owning application.
    certstorename           - Store name for the certificate. Defaults
                              to MY. Certificate must be stored in the
                              local machine context.
    verifyclientcertrevocation - Turns on/off verification of revocation
                                 of client certificates.
    verifyrevocationwithcachedclientcertonly - Turns on/off usage of
                                               only cached client
                                               certificate for revocation checking.
    usagecheck              - Turns on/off usage check. Default is enabled.
    revocationfreshnesstime - Time interval to check for an updated
                              certificate revocation list (CRL). If this
                              value is 0, then the new CRL is updated
                              only if the previous one expires. (in
                              seconds)
    urlretrievaltimeout     - Timeout on attempt to retrieve certificate
                              revocation list for the remote URL.
                              (in milliseconds)
    sslctlidentifier        - List the certificate issuers that can
                              be trusted. This list can be a subset of
                              the certificate issuers that are trusted
                              by the machine.
    sslctlstorename         - Store name under LOCAL_MACHINE where
                              SslCtlIdentifier is stored.
    dsmapperusage           - Turns on/off DS mappers. Default is
                              disabled.
    clientcertnegotiation   - Turns on/off negotiation of certificate.
                              Default is disabled.

Remarks: adds a new SSL server certificate binding and corresponding client
         certificate policies for an IP address and port.

Examples:

     add sslcert ipport=1.1.1.1:443 certhash=0102030405060708090A0B0C0D0E0F1011121314 appid={00112233-4455-6677-8899
-AABBCCDDEEFF}

I might be wrong, but I believe it has something to do with how I go about specifying the appid GUID in my PowerShell script file. Could someone please help me solve the error?

user1338998 asked Mar 04 '13 22:03


3 Answers

It's a problem with the way Powershell parses cmd commands. This will execute the command successfully:

$guid = [guid]::NewGuid()
$Command = "http add sslcert ipport=0.0.0.0:443 certhash=5758B8D8248AA8B4E91DAA46F069CC1C39ABA718 appid={$guid}"
$Command | netsh

Musaab Al-Okaidi answered Nov 04 '22 09:11


The reason for the error is that the curly braces have to be escaped each with a backtick (`).

The following command will work from the PowerShell commandline:

$AppId = [Guid]::NewGuid().Guid
$Hash = "209966E2BEDA57E3DB74FD4B1E7266F43EB7B56D"

netsh http add sslcert ipport=0.0.0.0:8000 certhash=$Hash appid=`{$AppId`}

The important details are to escape each { } with a backtick (`).

If netsh raises an error 87, try appending certstorename my.

There is no need to use variables. It's just for the sake of convenience.

PeterXX answered Nov 04 '22 11:11


The code below will work. & is used here to invoke the program with parameters, and "appid={$guid}" makes it pass a string value.

& netsh http add sslcert ipport=0.0.0.0:443 certhash=5758B8D8248AA8B4E91DAA46F069CC1C39ABA718 "appid={$guid}"

Jackie answered Nov 04 '22 10:11
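
The quoting approach from the answers above, wrapped in a function that validates its inputs before touching the HTTP.sys configuration. This is an added example, not code from the original thread; the function name `Add-SslCertBinding` is hypothetical, and it assumes an elevated prompt and a certificate in `Cert:\LocalMachine\My`. The first two lines decode the string from the question's error message: it is the Base64 (UTF-16LE) form of the text `$guid`, which shows that the unquoted braces were parsed as a script block instead of being passed to netsh as literal characters.

```powershell
# The argument netsh rejected, with the '=' padding restored (value from the error message).
$seen = 'JABnAHUAaQBkAA=='
[Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($seen))

function Add-SslCertBinding {   # hypothetical helper name
    [CmdletBinding()]
    param(
        # IP address and port for the binding, e.g. 0.0.0.0:443
        [Parameter(Mandatory)]
        [ValidatePattern('^[^\s=]+:\d{1,5}$')]
        [string]$IpPort,

        # The netsh help text specifies a 20-byte hash as a hex string: 40 hex digits.
        [Parameter(Mandatory)]
        [ValidatePattern('^[0-9A-Fa-f]{40}$')]
        [string]$Thumbprint,

        # Typed as [guid], so anything that is not a GUID is rejected at binding time.
        [guid]$AppId = [guid]::NewGuid()
    )

    # The certificate must be in the local machine context (store MY by default).
    if (-not (Test-Path -Path "Cert:\LocalMachine\My\$Thumbprint")) {
        throw "Certificate $Thumbprint was not found in Cert:\LocalMachine\My."
    }

    # Format 'B' renders the GUID with surrounding braces. Inside a double-quoted
    # string the braces are ordinary characters, so no script block is created.
    $netshArgs = @(
        'http', 'add', 'sslcert',
        "ipport=$IpPort",
        "certhash=$Thumbprint",
        "appid=$($AppId.ToString('B'))"
    )

    & netsh @netshArgs
    if ($LASTEXITCODE -ne 0) {
        throw "netsh exited with code $LASTEXITCODE."
    }
}

# Values taken from the question.
Add-SslCertBinding -IpPort '0.0.0.0:443' -Thumbprint '5758B8D8248AA8B4E91DAA46F069CC1C39ABA718'
```

After a successful run, `netsh http show sslcert ipport=0.0.0.0:443` lists the binding with the hash and application ID that were written.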