I'm building a C# console app that'll:
[1.] Generate a self-signed certificate.
[2.] Add it to the Personal (Local Computer Store)
[3.] And finally assign that certificate to a port number on the machine with the netsh command.
So far, I got parts [1.] and [2.] working perfectly, but on [3.] I'm plagued with the useless and non-informative error message:
SSL Certificate add failed, Error: 1312 A specified logon session does not exist. It may already have been terminated.
When I go look at Microsoft's official page about this issue: https://support.microsoft.com/en-us/kb/981506
It's basically telling me that this is a Windows Operating System bug and that I should request a hotfix.
My Hack Solution To This Problem:
One way I was finally able to bypass this error was by opening IIS Home > opening the "Server Certificates" feature > and then importing my .pfx certificate.
By importing the .pfx into IIS, I seemed to be able to get around the issue without trouble. I only needed to generate a .pfx by running these two commands in order:
1.) C:\OpenSSL-Win32\bin>openssl req -x509 -sha256 -nodes -days 365 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com" -newkey rsa:2048 -keyout privateKey.key -out certificate.crt
2.) C:\OpenSSL-Win32\bin>openssl pkcs12 -export -out cert.pfx -inkey privateKey.key -in certificate.crt -passout pass:
So if I run those two openssl commands right now, and import the result via IIS into my Personal Local Computer certificate store, I'll have no SSL Certificate add failed, Error: 1312 problem.
But if I add the newly generated certificate programmatically to my Personal Local Computer certificate store, then I do get the Error: 1312 problem.
Here's my code:
    using CERTENROLLLib;
    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Security.Cryptography.X509Certificates;
    using System.Text;
    using System.Threading.Tasks;
    using System.IO;
    using System.Security.Cryptography;
    using System.Diagnostics;

    namespace Generate_X509_Certificate
    {
        class Program
        {
            static void Main(string[] args)
            {
                Console.WriteLine(Guid.NewGuid().ToString());
                Console.ReadLine();

                // Launch OpenSSL:
                string cPath = @"C:\OpenSSL-Win32\bin\";
                string filename = Path.Combine(cPath, @"openssl.exe");

                // Generate a .crt file
                Console.WriteLine(@"Generating SSL Certificate...");
                ProcessStartInfo startInfo = new ProcessStartInfo(@"C:\OpenSSL-Win32\bin\openssl.exe", @"req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt -subj ""/C=US/ST=California/L=SanFrancisco/CN=SecurityEncryption""");
                // Wait for openssl to finish so the key and certificate files exist
                Process.Start(startInfo).WaitForExit();

                // Combine the .crt with the .key to form a more Windows friendly .pfx
                Console.WriteLine(@"Combining Private Key With Certificate...");
                Process proc2 = Process.Start(filename, "pkcs12 -export -out cert.pfx -inkey privateKey.key -in certificate.crt -passout pass:");
                // Wait for cert.pfx to be written before loading it below
                proc2.WaitForExit();
                proc2.Close();

                // Store our newly created .pfx file as a variable
                X509Certificate2 cert = new X509Certificate2(Directory.GetCurrentDirectory() + @"\cert.pfx");

                // Add our .pfx file into the Personal Local Computer store:
                var store = new X509Store(StoreLocation.LocalMachine);
                store.Open(OpenFlags.ReadWrite);
                store.Add(cert);
                store.Close();

                // Finally, use netsh to assign this newly generated certificate to port 6613
                string s1 = "netsh http add sslcert ipport=0.0.0.0:6613 certhash=" + cert.GetCertHashString() + " appid={" + Guid.NewGuid().ToString() + "}";
                Process p1 = new Process();
                p1.StartInfo.FileName = "netsh.exe";
                p1.StartInfo.Arguments = s1;
                p1.StartInfo.UseShellExecute = false;
                p1.StartInfo.RedirectStandardOutput = true;
                // This is where I get the error "SSL Certificate add failed, Error: 1312"
                p1.Start();
            }
        }
    }
Here's the netsh command that works perfectly fine as long as I'm not executing it in this C# program:
netsh http add sslcert ipport=0.0.0.0:6613 certhash=8834efd403687b331363ce9e5657ba4ffba0075b appid={e604f84f-e666-4ccf-af52-fdeca666b5e9}
The Confusing Part
So if you were to execute my openssl commands verbatim from this thread, then import the .pfx file generated by openssl into IIS and finally use the netsh command as seen above with the proper certificate hash, then this entire thing works perfectly. But when you do what I just said automatically in the C# code above, I get the Error.
Another thing, the .pfx generated then imported into the store from this code will not work at all when you try to manually netsh it through the command line.
Does anyone have any ideas?
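
Added example, not part of the original post: a commonly reported cause of netsh error 1312 is a certificate in the Local Computer store whose private key was never persisted to the machine key store, which is what loading a .pfx with the default key storage flags can produce. Assuming that is the cause here, and assuming an elevated process, the post's cert.pfx with an empty password and the post's port 6613, the import and binding look like this (the class name BindCertificate is hypothetical):

```csharp
using System;
using System.Diagnostics;
using System.IO;
using System.Security.Cryptography.X509Certificates;

static class BindCertificate
{
    static int Main()
    {
        // Assumed inputs: cert.pfx with an empty password, as produced by the
        // openssl commands in the post, and the post's port 6613.
        string pfxPath = Path.Combine(Directory.GetCurrentDirectory(), "cert.pfx");

        // MachineKeySet puts the private key in the machine key store instead of
        // the current user's profile; PersistKeySet keeps the key after this
        // process exits. With the default flags the store entry can be left
        // without a private key that HTTP.sys is able to open.
        var flags = X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet;
        var cert = new X509Certificate2(pfxPath, "", flags);
        if (!cert.HasPrivateKey)
        {
            Console.Error.WriteLine("cert.pfx carries no private key; the binding cannot work.");
            return 1;
        }

        // Name the store explicitly: Personal (My) under Local Computer.
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadWrite);
        try { store.Add(cert); }
        finally { store.Close(); }

        // Arguments only: the executable name is given in FileName.
        string args = "http add sslcert ipport=0.0.0.0:6613 certhash=" + cert.Thumbprint
                    + " appid=" + Guid.NewGuid().ToString("B");
        var psi = new ProcessStartInfo("netsh.exe", args)
        {
            UseShellExecute = false,
            RedirectStandardOutput = true
        };
        using (var netsh = Process.Start(psi))
        {
            // Print netsh's own message so a failure such as error 1312 is visible.
            Console.Write(netsh.StandardOutput.ReadToEnd());
            netsh.WaitForExit();
            return netsh.ExitCode;
        }
    }
}
```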