“The parameter is incorrect.” error using netsh http add sslcert

后悔当初 2020-12-14 05:47

Following the instructions on "How to: Configure a Port with an SSL Certificate" in this link: http://msdn.microsoft.com/en-us/library/ms733791.aspx, I entered this comman

18 Answers
  • 2020-12-14 06:10

    I must have ended up mangling the relationship between VS and IIS Express by deleting the localhost certificate. I was really stuck. The app wouldn't start and nothing I could do seemed to correct this disconnect (which is what brought me to this thread to begin with).

    I was finally able to get over the issue by changing the assigned port on the non-SSL URL (launchSettings.json in .NET Core apps) and disabling the Enable SSL checkbox in the project settings and taking a fresh start. I was then able to add my newly created cert with this command: netsh http add sslcert ipport=0.0.0.0:44392 appid={214124cd-d05b-4309-9af9-9caa44b2b74b} certhash=A0ADC1A1002F288CCFA96261F9F352D28C675A90.

    Also, note that the appid variable is not a reflection of your VS project AppID (or at least it doesn't have to be). It's just an arbitrary GUID, according to Scott Hanselman:

    The AppId doesn't really matter, it's just a GUID. This tells HTTP.SYS that we're using that certificate.

    This was not obvious to me and made dealing with the "parameter is incorrect" error that much more obscure.

    If you're experiencing similar issues, good luck. I believe in you. Ping me if you're feeling lost and alone. Maybe I can remember something by then! :D

  • 2020-12-14 06:11

    Copying the certificate thumbprint from the Certificate\Details\Thumbprint would prepend the thumbprint value with the bytes '3f38' which, when converted to ANSI, were shown as a '?'. This hidden value caused the issue for me.

    I pasted the value into Notepad++, chose 'Encoding' > 'Convert to ANSI', then I manually removed the prepended '?' characters. I would then have a clean thumbprint value to use.

  • 2020-12-14 06:13

    Looking at the syntax for the netsh command, I saw this example:

    add sslcert ipport=1.1.1.1:443 certhash=0102030405060708090A0B0C0D0E0F1011121314 appid={00112233-4455-6677-8899-AABBCCDDEEFF}
    

    By the looks of it, your problem is that you're doing

    ipport:10.141.146.227:7001
          ^
    

    as opposed to

    ipport=10.141.146.227:7001
          ^
    
  • 2020-12-14 06:15

    The PowerShell command line and PowerShell scripts in ps1 files will think curly braces {...} are PowerShell directives. So quote them. Otherwise, as you have seen, PowerShell will be confused.

    So rather than this (which you found fails):

    netsh http add sslcert ipport:10.141.146.227:7001 certhash=5d48e604007b867ae8a69260a4ad318d2c05d8ff appid= {EDE3C891-306C-40fe-BAD4-895B236A1CC8} 
    

    Do this (note the single quotes):

    netsh http add sslcert ipport=10.141.146.227:7001 certhash=5d48e604007b867ae8a69260a4ad318d2c05d8ff appid='{EDE3C891-306C-40fe-BAD4-895B236A1CC8}'
    

    Here is some information about PowerShell syntax with curly braces:

    http://danv74.wordpress.com/2012/07/12/powershell-and-the-hidden-art-of-curly-braces-and-other-braces/

  • 2020-12-14 06:16

    There were a few things I did that I thought made it work after getting the same "The parameter is incorrect." error.

    1) Restarted machine and did it again. It worked the first time. 2) Made sure I was in c:\ and put the command again after restarting didn't work.

    I couldn't explain why, but I think that maybe both times there was something else wrong, because the third time this happened to me,

    3) I went through the thumbprint of my CA (not the issued server cert) and copied it again from the MMC and it worked.

    After this happened, I deleted it again (netsh http delete sslcert ipport=0.0.0.0:) and repeated the process using the thumbprint of the server certificate. The darned thing worked again.

    I dunno, just try going through the same thing I did. Maybe one of these would work. In the end, I suspect that I entered a bogus space or character in the certhash.

  • 2020-12-14 06:19

    Watch out: if you have a DNS name as a binding, use hostnameport instead of ipport.

    netsh http delete sslcert hostnameport=domainame.com:443
    

    I had to delete ADFS Proxy Bindings for Office 365 Single-Sign On.

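A pre-flight check for the causes raised in the answers above (stray or hidden characters in the thumbprint, `:` instead of `=`, unquoted braces in PowerShell, `ipport` versus `hostnameport`), as an added example that is not part of the original thread. The function name `New-SslCertBindingArgs` is hypothetical, and `certstorename=MY` for DNS-name bindings assumes the certificate sits in the LocalMachine\My store.

```powershell
# Added example, not from the thread. New-SslCertBindingArgs is a hypothetical helper.
function New-SslCertBindingArgs {
    param(
        [Parameter(Mandatory)][string]$Endpoint,    # "ip:port" or "dnsname:port"
        [Parameter(Mandatory)][string]$Thumbprint,  # as pasted from the certificate dialog
        [guid]$AppId = [guid]::NewGuid()            # any GUID is accepted
    )

    # Drop every non-hex character: spaces, plus invisible characters that can
    # come along when the thumbprint is copied from the certificate's Details tab.
    $hash = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($hash.Length -ne 40) {
        throw "certhash must be 40 hex digits (SHA-1 thumbprint), got $($hash.Length)."
    }

    # Split host and port at the last colon and validate the port.
    $i = $Endpoint.LastIndexOf(':')
    if ($i -lt 1) { throw "Endpoint must look like host:port." }
    $hostPart = $Endpoint.Substring(0, $i)
    $port = 0
    if (-not [int]::TryParse($Endpoint.Substring($i + 1), [ref]$port) -or
        $port -lt 1 -or $port -gt 65535) {
        throw "Invalid port in '$Endpoint'."
    }

    # IP literal -> ipport=; DNS name -> hostnameport= plus certstorename
    # (assumption: the certificate is in the LocalMachine\My store).
    $ip = $null
    $isIp = [System.Net.IPAddress]::TryParse(($hostPart -replace '^\[|\]$', ''), [ref]$ip)
    $netshArgs = @('http', 'add', 'sslcert')
    if ($isIp) {
        $netshArgs += "ipport=${hostPart}:$port"
    } else {
        $netshArgs += "hostnameport=${hostPart}:$port", 'certstorename=MY'
    }

    # Inside a string the braces are plain text, so PowerShell never sees a script block.
    $netshArgs += "certhash=$hash", "appid=$($AppId.ToString('B'))"
    return $netshArgs
}

# Constructed input: the thumbprint and GUID from the first answer, with spaces
# and an invisible U+200E character added to imitate a pasted value.
$pasted = "$([char]0x200E)a0 ad c1 a1 00 2f 28 8c cf a9 62 61 f9 f3 52 d2 8c 67 5a 90"
$cmd = New-SslCertBindingArgs -Endpoint '0.0.0.0:44392' -Thumbprint $pasted `
    -AppId '214124cd-d05b-4309-9af9-9caa44b2b74b'
$cmd -join ' '     # review the command line before applying it
# & netsh @cmd     # apply from an elevated prompt
```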