Windows 10: Windows 10 20H2 prof. Self signed certificate produces error 1312 with netsh http add sslcert

Discus and support Windows 10 20H2 prof. Self signed certificate produces error 1312 with netsh http add sslcert in Windows 10 Network and Sharing to solve the problem; I asked the question prior but didn't get any response, so i try it here . I am trying to write a service that answers on a localhost https requests... Discussion in 'Windows 10 Network and Sharing' started by Pedrodacosta, Mar 10, 2021.

  1. PEDRODACOSTA
    Pedrodacosta Win User

    Windows 10 20H2 prof. Self signed certificate produces error 1312 with netsh http add sslcert


    I asked the question prior but didn't get any response, so i try it here .


    I am trying to write a service that answers on a localhost https requests and process the form data.
    For test purposes a generated a selfsigned ssl certificate with makecert and openssl and add it to the root and personal certificat.

    In both cases, when i try

    1. netsh http add sslcert ipport=0.0.0.0:8180 certhash=99858B7A5DF30E700653E7A832F21AB68722C93F appid={82f96a4e-ad9c-4448-9f69-e9e9150c661e}


    i get error 1312 ssl certificate can't be added

    I checked in the personal certificate folder of local machine as in trusted root certificate, all certificate are present and valid

    makecert

    1. makecert -sky exchange -r -n "CN=SRRootCert,OU=myprog,O=company,L=city,S=NRW,C=DE" -pe -b 01/01/2021 -e 12/31/2031 -a sha256 -len 2048 -sv D:\Zertifikate\SRRootCA.pvk -ss SRCertStore D:\Zertifikate\SRRootCA.cer
    3. makecert -sk SRRootCert -iv D:\Zertifikate\SRRootCA.pvk -n "CN=SRServ" -a sha256 -len 2048 -ic D:\Zertifikate\SRRootCA.cer D:\Zertifikate\SRService.cer -sr localmachine -ss SRCertStore
    6. POWERSHELL Import-Certificate -FilePath "D:\Zertifikate\SRRootCA.cer" -CertStoreLocation Cert:\LocalMachine\Root
    7. POWERSHELL Import-Certificate -FilePath "D:\Zertifikate\SRService.cer" -CertStoreLocation Cert:\LocalMachine\My
    10. netsh http add sslcert ipport=0.0.0.0:8180 certhash=99858B7A5DF30E700653E7A832F21AB68722C93F appid={aaaaaa-aaaaaa-aaaa-aaaa-aaaaaaaaa}


    And my try with openssl-

    1. openssl genrsa -des3 -out D:\Zertifikate\ServicerootCA.key 2048
    2. openssl req -x509 -new -nodes -key D:\Zertifikate\ServicerootCA.key -sha256 -days 4096 -out D:\Zertifikate\ServicerootCA.crt
    5. openssl genrsa -out D:\Zertifikate\SRClient.key 2048
    7. openssl req -new -sha256 -key D:\Zertifikate\SRClient.key -subj "/C=DE/ST=NRW/O=company/Lcity/CN=eService" -out D:\Zertifikate\SRClient.csr
    9. openssl req -in D:\Zertifikate\SRClient.csr -noout -text
    11. openssl x509 -req -in D:\Zertifikate\SRClient.csr -CA D:\Zertifikate\ServicerootCA.crt -CAkey D:\Zertifikate\ServicerootCA.key -CAcreateserial -out D:\Zertifikate\SRConnectClient.crt -days 4096 -sha256
    13. openssl x509 -in D:\Zertifikate\SRClient.crt -text -noout
    15. POWERSHELL Import-Certificate -FilePath "D:\Zertifikate\EServicerootCA.crt" -CertStoreLocation Cert:\LocalMachine\Root
    16. POWERSHELL Import-Certificate -FilePath "D:\Zertifikate\SRClient.crt" -CertStoreLocation Cert:\LocalMachine\My


    and then

    1. netsh http add sslcert ipport=0.0.0.0:8180 certhash=99858B7A5DF30E700653E7A832F21AB68722C93F appid={aaaaaa-aaaaaa-aaaa-aaaa-aaaaaaaaa}



    Every step is tested and runs without errors, files are created, checks run and finally add to the cetificate storage, but it produces an error described abouve.

    To test netsh http add sslcert, i bond another certificate that was made for us by a "official" CA and it runs.

    So nothing basically is wrong with the final step, but i can't figure out why it will not accept the self signed certificates, which
    are as shown in the image registered and valid.

    I also added the certificates with the mmc only to see if it makes any difference, which it didn't .

    And in added the certificate, to the personal folder Windows 10 20H2 prof. Self signed certificate produces error 1312 with netsh http add sslcert a2e132d8-47ad-4247-aaf6-66fc6cfc5202?upload=true.png

    :)
     
    Pedrodacosta, Mar 10, 2021
    #1
  2. THROWMEDOWNTHERIVER4444
    throwmedowntheriver4444 Win User

    How to add self-signed certificate to my PC?

    My PC is Windows 10 Pro x64 and I have Edge and Chrome browsers installed.

    I installed my firewall's Certificate Authority into the windows certificate store by going to MMC, adding Certificates, and adding it to the Trusted Root CA. I now see my firewall root CA as (firewallCA).

    Now I created a CNAME in my DNS to access my firewall as fw.example.com which only resolves internally. I then generated on my firewall a self-signed certificate. Once created, I downloaded the certificate and also added it to the MMC->Certificates.

    I can now open IE or Edge and go to https://fw.example.com and not get a certificate error. However, if I use Chrome, I still get the error. I went to the Chrome advanced settings and see the firewallCA listed, but not the self-signed cert. I guess I have to add it manually, but I want it to apply to any user on this PC. How can I add the self-signed cert to Chrome for all users?
     
    throwmedowntheriver4444, Mar 10, 2021
    #2
  3. UMESHXE
    UmeshXE Win User
    how to call HTTPS having self signed certificate in windows phone?

    Hi All,



    I am trying to call HTTPS from windows phone 7.5 application.Though it is called successfully for
    HTTPS having certificate from trusted source like VeriSign,but it is returning an exception that remote server not found error for
    Self Signed Certificate.I have installed my self signed certficate in the device sending it by mail and called HTTPS like HTTP,but it didn't work.



    So can anyone suggest how to call HTTPS having Self Signed Certificate?Whether it is possible or not for
    Self Signed Certificate?



    Thanks.
     
    UmeshXE, Mar 10, 2021
    #3
Thema:

Windows 10 20H2 prof. Self signed certificate produces error 1312 with netsh http add sslcert

Loading...

  1. Windows 10 20H2 prof. Self signed certificate produces error 1312 with netsh http add sslcert - Similar Threads - 20H2 prof Self

  2. An invalid [self-signed] CA certificate exists on Windows 10 Pro, but...

    in Windows 10 Gaming
    An invalid [self-signed] CA certificate exists on Windows 10 Pro, but...: Statement of the Problem: An invalid self-signed CA certificate which all browsers says it's using, can't be found by standard Windows tools so it can be removed.Background: I have a small self-hosted environment in Docker on Windows 10. I've identified a bogus CA certificate...

  3. An invalid [self-signed] CA certificate exists on Windows 10 Pro, but...

    in Windows 10 Software and Apps
    An invalid [self-signed] CA certificate exists on Windows 10 Pro, but...: Statement of the Problem: An invalid self-signed CA certificate which all browsers says it's using, can't be found by standard Windows tools so it can be removed.Background: I have a small self-hosted environment in Docker on Windows 10. I've identified a bogus CA certificate...

  4. An invalid [self-signed] CA certificate exists on Windows 10 Pro, but...

    in AntiVirus, Firewalls and System Security
    An invalid [self-signed] CA certificate exists on Windows 10 Pro, but...: Statement of the Problem: An invalid self-signed CA certificate which all browsers says it's using, can't be found by standard Windows tools so it can be removed.Background: I have a small self-hosted environment in Docker on Windows 10. I've identified a bogus CA certificate...

  5. Self signed certificate used to expire standalone media MECM

    in Windows 10 Customization
    Self signed certificate used to expire standalone media MECM: Good evening folks,I'm currently exploring making a USB software stick created with MECM more secure by password protecting it and assigning the self signed certificate during the task sequence standalone media creation which lets it expire. I've searched quite a bit and...

  6. Self signed certificate used to expire standalone media MECM

    in Windows 10 Gaming
    Self signed certificate used to expire standalone media MECM: Good evening folks,I'm currently exploring making a USB software stick created with MECM more secure by password protecting it and assigning the self signed certificate during the task sequence standalone media creation which lets it expire. I've searched quite a bit and...

  7. Ftps with self-signed certificate. Remote access issue

    in Windows 10 Network and Sharing
    Ftps with self-signed certificate. Remote access issue: Hi,Sorry I’m not very experienced with this topic. As the title suggests, I created a self signed certificate and set up a ftp over ssl with port 21 explicit. Than forwarded the 21 port in my router and assigned an external one. I’m able to connect to it locally, with the pc...

  8. Secure Credentials with Self-Signed Certificates for PowerShell Script

    in Windows 10 News
    Secure Credentials with Self-Signed Certificates for PowerShell Script: Hello everyone, I’m Preston K. Parsard, specializing in Platforms, Azure Infrastructure and Automation topics, and I’d like to share some insights for securing PowerShell credentials using certificates. This post is based on a recent customer project, but we’ll also wrap a...

  9. How to sign Powershell profile w/ self-signed certificate?

    in Windows 10 Support
    How to sign Powershell profile w/ self-signed certificate?: About self-signing drivers: check in with Fernando (Dieter, the owner/operator) at Win-RAID.com. He's been doing that for years because of all the driver mods he posts on his site. Once you load his certificate, you can also load and use any of his drivers. It's a fair amount...

  10. Self-Signed Certificates no longer working since update

    in Windows 10 Support
    Self-Signed Certificates no longer working since update: Morning all, annoyingly Windows decided to update itself over the weekend and rebooted my PC. This also happened with a few other work PCs and left users unable to login for an hour while it forced the update on us. Luckily we only have a handful of Win 10 PCs and decided...