Server 2008 R2 SSTP Certificate - netsh http add sslcert error?


  • Server 2008 R2 SSTP Certificate - netsh http add sslcert error?

    Hi,

    We have a Server 2008 R2 with RRAS configured to support SSTP and PPTP type VPN. We got the digital certificate issued from GoDaddy. Recently our certificate expired and we received a renewed certificate. I followed the steps mentioned in the link below for certificate replacement:

    http://blogs.technet.com/b/rrasblog/...as-server.aspx

    I am working on the final steps to attach my certificate using the commands below:

    Code:
    netsh http add sslcert ipport=0.0.0.0:443 certhash=xxx appid={ba195980-cd49-458b-9e23-c84ee0adcd75} certstorename=MY
    netsh http add sslcert ipport=[::]:443 certhash=xxx appid={ba195980-cd49-458b-9e23-c84ee0adcd75} certstorename=MY

    But I keep getting the error below:

    Code:
    SSL Certificate add failed, Error: 1312
    A specified logon session does not exist. It may already have been terminated.

    For reference, below is the output from the "netsh http show sslcert" command before I started the certificate replacement:

    Code:
    SSL Certificate bindings:
    -------------------------
    
        IP:port                 : 0.0.0.0:443
        Certificate Hash        : 156fa2769e31f1e94c619265a100e68a4098dc90
        Application ID          : {4dc3e181-e14b-4a21-b022-59fc669b0914}
        Certificate Store Name  : MY
        Verify Client Certificate Revocation    : Enabled
        Verify Revocation Using Cached Client Certificate Only    : Disabled
        Usage Check    : Enabled
        Revocation Freshness Time : 0
        URL Retrieval Timeout   : 0
        Ctl Identifier          : (null)
        Ctl Store Name          : (null)
        DS Mapper Usage    : Disabled
        Negotiate Client Certificate    : Disabled
    
        IP:port                 : 0.0.0.0:8172
        Certificate Hash        : d494ffd1b960c844396cd0405037539d2610e450
        Application ID          : {00000000-0000-0000-0000-000000000000}
        Certificate Store Name  : MY
        Verify Client Certificate Revocation    : Enabled
        Verify Revocation Using Cached Client Certificate Only    : Disabled
        Usage Check    : Enabled
        Revocation Freshness Time : 0
        URL Retrieval Timeout   : 0
        Ctl Identifier          : (null)
        Ctl Store Name          : (null)
        DS Mapper Usage    : Disabled
        Negotiate Client Certificate    : Disabled
    
        IP:port                 : [::]:443
        Certificate Hash        : 156fa2769e31f1e94c619265a100e68a4098dc90
        Application ID          : {ba195980-cd49-458b-9e23-c84ee0adcd75}
        Certificate Store Name  : MY
        Verify Client Certificate Revocation    : Enabled
        Verify Revocation Using Cached Client Certificate Only    : Disabled
        Usage Check    : Enabled
        Revocation Freshness Time : 0
        URL Retrieval Timeout   : 0
        Ctl Identifier          :
        Ctl Store Name          :
        DS Mapper Usage    : Disabled
        Negotiate Client Certificate    : Disabled

    And below is my current output for the same command:

    Code:
    SSL Certificate bindings:
    -------------------------
    
        IP:port                 : 0.0.0.0:8172
        Certificate Hash        : d494ffd1b960c844396cd0405037539d2610e450
        Application ID          : {00000000-0000-0000-0000-000000000000}
        Certificate Store Name  : MY
        Verify Client Certificate Revocation    : Enabled
        Verify Revocation Using Cached Client Certificate Only    : Disabled
        Usage Check    : Enabled
        Revocation Freshness Time : 0
        URL Retrieval Timeout   : 0
        Ctl Identifier          : (null)
        Ctl Store Name          : (null)
        DS Mapper Usage    : Disabled
        Negotiate Client Certificate    : Disabled

    I also verified my certificate and there are no errors about a missing private key.

    I don't recall how I did the SSTP config the first time, as it's been a while, so I would appreciate any kind of assistance to have my SSTP resolved and get it back functioning.

    Thanks,
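
Added example, not part of the original post: a small Python parser for the `netsh http show sslcert` listing that compares the "before" and "current" output quoted above and reports which endpoints lost their binding, with the certificate hash and application ID each one had. The sample text is the post's own output trimmed to three fields; the function names are hypothetical.

```python
import re
# Constructed sample: the post's two "netsh http show sslcert" listings, trimmed to three fields.
BEFORE = """\
SSL Certificate bindings:
-------------------------
    IP:port                 : 0.0.0.0:443
    Certificate Hash        : 156fa2769e31f1e94c619265a100e68a4098dc90
    Application ID          : {4dc3e181-e14b-4a21-b022-59fc669b0914}

    IP:port                 : 0.0.0.0:8172
    Certificate Hash        : d494ffd1b960c844396cd0405037539d2610e450
    Application ID          : {00000000-0000-0000-0000-000000000000}

    IP:port                 : [::]:443
    Certificate Hash        : 156fa2769e31f1e94c619265a100e68a4098dc90
    Application ID          : {ba195980-cd49-458b-9e23-c84ee0adcd75}
"""
AFTER = """\
SSL Certificate bindings:
-------------------------
    IP:port                 : 0.0.0.0:8172
    Certificate Hash        : d494ffd1b960c844396cd0405037539d2610e450
    Application ID          : {00000000-0000-0000-0000-000000000000}
"""

FIELD = re.compile(r"^\s*(.+?)\s+:\s*(.*)$")  # key may contain ':' (IP:port)

def parse_bindings(text):
    """Return {ip:port -> {field: value}} from 'netsh http show sslcert' text."""
    bindings, current = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # banner, separator or blank line
        key, value = m.group(1), m.group(2).strip()
        if key == "IP:port":  # each record starts with its endpoint
            current = bindings.setdefault(value, {})
        elif current is not None:
            current[key] = value
    return bindings

def lost_bindings(before, after):
    """Endpoints bound before the change but absent afterwards."""
    old, new = parse_bindings(before), parse_bindings(after)
    return {ep: old[ep] for ep in old if ep not in new}

if __name__ == "__main__":
    for ep, f in lost_bindings(BEFORE, AFTER).items():
        print(f"{ep}: no binding now (was {f['Certificate Hash']}, {f['Application ID']})")
```

Run against the two listings, it shows that both port 443 endpoints (IPv4 and IPv6) have no binding in the current state, and that they previously carried different application IDs.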

  • #2
    Re: Server 2008 R2 SSTP Certificate - netsh http add sslcert error?

    Thanks to everyone for looking. I resolved this by myself.

    Instead of importing the certificate via the command line, I imported it via IIS -> Server Certificates -> Complete Certificate Request action. After this I bound https/443 on the Default site to this certificate.
