SSL Certificate add failed, Error: 1312
Question
Friday, August 6, 2010 4:59 PM
I'm trying to connect a SSL cert to my http listener application. I'm running on Windows Server 2008 SP2.
I'm using the netsh http command such as the following to do this.
add sslcert ipport=10.0.0.1:443 certhash=somelongcerthash appid={somelongappid}
When I use the command I get the following error message.
SSL Certificate add failed, Error: 1312
A specified logon session does not exist. It may already have been terminated.
I'm logged onto the server as a domain admin when I run the command.
I previously had this application setup to use SSL on a different port with the same cert, the application ran fine for a few weeks.
I was in the process of switching the application onto port 443 when this error started to occur.
As part of the switch I found the cert was also defined for a web site. I undefined the SSL and port binding for the web site. I reconnected to cert to the old Port and successfully test the application again, then deleted the binding using the "delete sslcert" command and attempt to use the same "add sslcert" command with port 443 and got the failure. Now I can't use the add sslcert command no matter what port I specify without getting the failure message.
Microsoft has a fix for this error message for Windows 7 and Windows Server 2008 R2, but not Windows Server 2008 SP2.
Googling around I see a number of other people that have run into this issue but don't see any remedies that work for me.
--Mark
All replies (13)
Monday, August 23, 2010 11:29 AM ✅Answered
Hi Mark,
This KB might help you
http://support.microsoft.com/kb/981506
Monday, August 30, 2010 7:10 PM ✅Answered | 1 vote
I tried a new certificate and it worked fine.
I exported the problem certificate throught he MMC Certificates plugin assuming that a full cert would be created, but this cert didn't work.
--Mark
Tuesday, March 22, 2011 10:57 AM | 1 vote
For anyone else having the same problem: Check that the certhash you are using is for a certificate that actually exists on the server - this error can also be caused by having the wrong value.
Saturday, November 12, 2011 11:08 PM | 7 votes
Also make sure you've installed the certificate in the service account (MMC -> add snap-in -> certificates -> computer account) and NOT in your personal account.
http.sys requires the certificate to be visible to the system.
Wednesday, December 7, 2011 7:36 PM
Simon Mattes: May the God of Coders (wherever he is) bless you for eternity. I spent more than an hour going through possible fixes (even tried to install the hotfix mentioned in a posting above) with no luck, until I read your posting and....it worked. It's funny how the simplest fixes are sometimes the hardest ones to find. THANKS!!!
Thursday, August 23, 2012 8:26 AM | 4 votes
Aside from the fact that the cert should be installed in LocalComputer->Personal, make sure that the entire cert path has also been installed.
In general, it is better NOT to right-click the .p12 (or other cert format file) and select the import wizard, but rather go into MMC/Certificates/LocalComputer/Personal and call the import wizard from there. Don't ask me why.
Thursday, August 1, 2013 9:54 PM | 3 votes
This page helped me get it working too.... thanks.
Before, I was getting this error:
SSL Certificate add failed, Error: 1312
A specified logon session does not exist. It may already have been terminated.
Here are some more explicit instructions on how I corrected it:
Importing an Existing Certificate
- Run mmc.exe.
- Go to File-> Add/Remove Snap-In
- Choose the Certificates snap-in.
- Select Computer Account
- Navigate to: Certificates (Local Computer)\Personal\Certificates
- Right click the Certificates folder and choose All Tasks -> Import.
- Follow the wizard instructions to select the certificate.
Once imported, then re-run the command from an Administrator command prompt, e.g.:
C:\Windows\system32>netsh http add sslcert ipport=0.0.0.0:443 appid="{EEEB9DB1-0000-1111-2222-1380C8EBEF53}" certhash=2ca58888882790a218b7bab15088b157c89ccccc
Christopher Scholten 龘龗蘇
Thursday, November 7, 2013 8:19 AM
I also had to deal with this recently. I found this solution that worked for me: http://stackoverflow.com/a/19766650/481656
Regards, Hassan Gulzar
Sunday, February 9, 2014 12:44 PM | 1 vote
Another possible cause: selecting "Strong Security" when importing the cert. If you install the cert by right-clicking the pfx file, make sure NOT to select Strong Security".
Tuesday, February 9, 2016 3:16 PM
I have also experienced this issue and although the above responses may have fixed their issues the crux of the problem I found was the private key for the certificate was not installed. The two instances I have recently came across, the complete public key chain had been installed but the private keys were missing. Evidently someone had created the key pair on a separate machine and sent the certificate request off to be signed. When the signed key was returned they only installed the public key chain on the machine needing the certificate. I needed to combine the public and private key pair into a PFX file and import.
Jewettware
Wednesday, June 8, 2016 8:37 AM
Hi Mark,
I met the same issue with yours. here is what i did for troubleshooting.
Check where your cert is requested, if you requested in "Personal" store, you need to keep your cert in "Personal"
i accidentally moved the cert into "trusted root", then it comes with the error Error 1312.
But when i moved the cert back to "Personal", then the cert can be added successfully.
Just provide you a way to test if above methods does't work.
Tuesday, May 30, 2017 10:38 PM
Thank you Jewettware. This has been driving me crazy. Including the private key was the fix for me.
Tuesday, August 13, 2019 5:13 PM
thank you for your help!