SSL Certificate add failed, Error: 1312

I'm building a C# console app that'll:

[1.] Generate a self-signed certificate.

[2.] Add it to the Personal (Local Computer Store)

[3.] And finally assign that certificate to a port number on the machine with the netsh command.

So far, I got parts [1.] and [2.] working perfectly, but on [3.] I'm plagued with the useless and non-informal error message:

SSL Certificate add failed, Error: 1312 A specified logon session does not exist. It may already have been terminated.

When I go look at Microsoft's official page about this issue: https://support.microsoft.com/en-us/kb/981506

It's basically telling me that this is a Windows Operating System bug and that I should request a hotfix.

My Hack Solution To This Problem:

One way I was able to finally bypass this error, was by Opening IIS Home>Open "Server Certificates" Feature> And then Importing my .pfx certificate.

By importing the .pfx to IIS, I seemed to be able to get around the issue without trouble. I only needed to generate a .pfx by running both these two commands in order

1.) C:\OpenSSL-Win32\bin>openssl req -x509 -sha256 -nodes -days 365 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com" -newkey rsa:2048 -keyout privateKey.key -out certificate.crt

2.) C:\OpenSSL-Win32\bin>openssl pkcs12 -export -out cert.pfx -inkey privateKey.key -in certificate.crt -passout pass:

So if I run those two commands to openssl right now, and import them via IIS to my Personal Local Computer certificate store, I'll have no SSL Certificate add failed, Error: 1312 problem.

But if I add the newly generated certificate programmatically to my Personal Local Computer certificate store, then I do get the Error:1312 problem.

Here's my code:

using System;
using System.Diagnostics;
using System.IO;
using System.Security.Cryptography.X509Certificates;

namespace Generate_X509_Certificate
{
    class Program
    {
        static void Main(string[] args)
        {

            Console.WriteLine(Guid.NewGuid().ToString());
            Console.ReadLine();

            // Launch OpenSSL:
            string cPath = @"C:\OpenSSL-Win32\bin\";
            string filename = Path.Combine(cPath, @"openssl.exe");

            // Generate a .crt file
            Console.WriteLine(@"Generating SSL Certificate...");
            ProcessStartInfo startInfo = new ProcessStartInfo(@"C:\OpenSSL-Win32\bin\openssl.exe", @"req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt -subj ""/C=US/ST=California/L=SanFrancisco/CN=SecurityEncryption""");
            using (Process proc1 = Process.Start(startInfo))
            {
                // Wait until privateKey.key and certificate.crt have been written
                proc1.WaitForExit();
            }

            // Combine the .crt with the .key to form a more Windows friendly .pfx
            Console.WriteLine(@"Combining Private Key With Certificate...");
            using (Process proc2 = Process.Start(filename, "pkcs12 -export -out cert.pfx -inkey privateKey.key -in certificate.crt -passout pass:"))
            {
                // Wait until cert.pfx has been written before loading it below
                proc2.WaitForExit();
            }

            // Store our newly created .pfx file as a variable
            X509Certificate2 cert = new X509Certificate2(Directory.GetCurrentDirectory()+@"\cert.pfx");

            // Add our .pfx file into the Personal Local Computer store:
            var store = new X509Store(StoreLocation.LocalMachine);
            store.Open(OpenFlags.ReadWrite);
            store.Add(cert);
            store.Close();

            // Finally, use netsh to assign this newly generated certificate to port 6613
            string s1 = "netsh http add sslcert ipport=0.0.0.0:6613 certhash=" + cert.GetCertHashString() + " appid={" + Guid.NewGuid().ToString() + "}";
            Process p1 = new Process();
            p1.StartInfo.FileName = "netsh.exe";
            p1.StartInfo.Arguments = s1;
            p1.StartInfo.UseShellExecute = false;
            p1.StartInfo.RedirectStandardOutput = true;

            // 👎 this is where I get the error "SSL Certificate add failed, Error: 1312"
            p1.Start();
        }
    }
}

Here's the netsh command that works perfectly fine as long as I'm not executing it in this C# program:

netsh http add sslcert ipport=0.0.0.0:6613 certhash=8834efd403687b331363ce9e5657ba4ffba0075b appid={e604f84f-e666-4ccf-af52-fdeca666b5e9}

The Confusing Part

So if you were to execute my openssl commands verbatim from this thread, then import the .pfx file generated by openssl into IIS and finally use the netsh command as seen above with the proper certificate hash, then this entire thing works perfectly. But when you do what I just said automatically in the C# code above, I get the Error.

Another thing, the .pfx generated then imported into the store from this code will not work at all when you try to manually netsh it through the command line.

Does anyone have any ideas?

Mulch answered 11/9, 2015 at 23:11 Comment(1)
You don't need to run netsh in code, as PInvoking HTTP API is much easier. – Cope

Try explicitly including the pfx in the cert before storing it, if using C#:

    var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
    store.Open(OpenFlags.ReadWrite);

    // ensure pfx in cert.
    byte[] pfx = cert.Export(X509ContentType.Pfx);
    cert = new X509Certificate2(pfx, (string)null, X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.MachineKeySet);

    // then store
    store.Add(cert);
    store.Close();
Diplomatics answered 12/3, 2017 at 4:54 Comment(1)
this solution did work for me :) saved my day. Thanks. The second parameter for X509Certificate2 is "password". – Leuco
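
An added example, not code from the question or the answer: it loads the PFX straight from disk with the same two key-storage flags the answer uses, confirms the private key is present, adds the certificate to LocalMachine\My, and runs netsh while capturing its output and exit code. The PFX path argument, the empty password (matching `-passout pass:` in the question) and the constructed `appid` GUID are assumptions, as is running from an elevated prompt.

```csharp
using System;
using System.Diagnostics;
using System.Security.Cryptography.X509Certificates;

class BindCertificate
{
    // Assumptions for this example: port taken from the question,
    // appid is a constructed placeholder GUID.
    const string IpPort = "0.0.0.0:6613";
    const string AppId = "{00000000-0000-0000-0000-000000000001}";

    static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: BindCertificate <path-to-pfx>");
            return 2;
        }

        // MachineKeySet puts the private key in the machine key store instead of the
        // current user's profile; PersistKeySet keeps it after this object is released.
        var cert = new X509Certificate2(args[0], "",
            X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet);

        if (!cert.HasPrivateKey)
        {
            Console.Error.WriteLine("PFX has no private key; it cannot back an SSL binding.");
            return 1;
        }

        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadWrite);
        try { store.Add(cert); }
        finally { store.Close(); }

        var psi = new ProcessStartInfo("netsh.exe",
            $"http add sslcert ipport={IpPort} certhash={cert.Thumbprint} appid={AppId}")
        {
            UseShellExecute = false,
            RedirectStandardOutput = true
        };
        using (Process netsh = Process.Start(psi))
        {
            // Read the output before waiting so a full pipe cannot block netsh.
            Console.Write(netsh.StandardOutput.ReadToEnd());
            netsh.WaitForExit();
            return netsh.ExitCode;
        }
    }
}
```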
