ssl-certificate owin netsh

Invalid parameter on netsh http add


All the ways end at the same point "Invalid parameter" referring to appid (Guid). If I remove that parameter, the adding process can finish correctly.

These are some of the commands I have been trying until now:

  1. Direct commands

         netsh http add sslcert ipport=0.0.0.0:9005 certhash=a80cbaa0357d02c9da654b5bfdd79ceaae7770d2 appid=90fcf56d-118a-495b-897f-ac5fa0c53b14

         netsh http add sslcert ipport=0.0.0.0:9005 certhash=a80cbaa0357d02c9da654b5bfdd79ceaae7770d2 appid={90fcf56d-118a-495b-897f-ac5fa0c53b14}

         netsh http add sslcert ipport=0.0.0.0:9005 certhash=a80cbaa0357d02c9da654b5bfdd79ceaae7770d2 appid='{90fcf56d-118a-495b-897f-ac5fa0c53b14}'

         netsh http add sslcert ipport=0.0.0.0:9005 certhash=a80cbaa0357d02c9da654b5bfdd79ceaae7770d2 appid="{90fcf56d-118a-495b-897f-ac5fa0c53b14}"

  2. Changing order:

         netsh http add sslcert ipport=0.0.0.0:9005 appid=90fcf56d-118a-495b-897f-ac5fa0c53b14 certhash=a80cbaa0357d02c9da654b5bfdd79ceaae7770d2

  3. Using variables

         $guid = [guid]::NewGuid()

         $Command = "http add sslcert ipport=0.0.0.0:9005 certhash=a80cbaa0357d02c9da654b5bfdd79ceaae7770d2 appid={$guid}"

         $Command | netsh

Edit: After some tries, I began to receive Error 1312, as follows: Error al agregar el certificado SSL. Error: 1312 Una sesión de inicio especificada no existe. Es posible que haya finalizado. As Luuk answered me later, I realized that the problem was that the certificate had no private key, and so it couldn't be related with any ipport using sslcert.


Solution

  • I finally got it. These are the steps I followed:

    #1 - Creating self-signed certificate

    New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname dmname.localhost.com
    

    # Note: after several tests, I have seen that the final certificate must have a private key added.
    # After some tries, I realized that the certificate must be signed to be related with any application when we're using netsh.

    #2 - Making relation between certificate and service point: the footprint returned by the previous step, which represents the certificate, is related to the address:port of our application

    netsh http add sslcert ipport=0.0.0.0:9005 certhash=C29F0ACC2AC4882835C8E027582DDC18971A36B3 appid="{123e4567-e89b-12d3-a456-426655440001}"
    

    Appid quotes are needed because it's required to escape the expression "-e89b"

    #3- Check reserved URLs

    netsh http show urlacl
    

    #4 - Reserve URL

    netsh http add urlacl url=https://dmname.localhost.com:9005/ user=Users
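
The following script is an added example, not part of the original question or answer. It checks the conditions discussed on this page (certificate present in `Cert:\LocalMachine\My`, private key attached) before calling `netsh`, and passes the `appid` as a quoted string. The parameter names are illustrative assumptions, and the thumbprint must be supplied by the caller.

```powershell
# Added example (not from the original answer). Parameter names are illustrative;
# the default ipport matches the one used in the question.
param(
    [Parameter(Mandatory = $true)] [string] $Thumbprint,
    [string] $IpPort = '0.0.0.0:9005',
    [guid]   $AppId  = [guid]::NewGuid()
)
$ErrorActionPreference = 'Stop'

# "netsh http add sslcert" only works from an elevated session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal $identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell session.'
}

# Normalise the thumbprint: drop spaces and any stray non-hex characters
# picked up when copying it, then require the 40 hex digits of a SHA-1 hash.
$hash = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($hash.Length -ne 40) {
    throw "Expected 40 hex characters in the thumbprint, got $($hash.Length)."
}

# The certificate has to be in the local machine's personal store.
$cert = Get-ChildItem -Path "Cert:\LocalMachine\My\$hash" -ErrorAction SilentlyContinue
if (-not $cert) {
    throw "Certificate $hash was not found in Cert:\LocalMachine\My."
}

# The cause found on this page: no private key means netsh fails with 1312.
if (-not $cert.HasPrivateKey) {
    throw "Certificate $hash has no private key; import it with its key (for example from a PFX)."
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate $hash expired on $($cert.NotAfter)."
}

# Build each key=value pair as one quoted string so PowerShell passes the
# braces of the GUID through literally, then hand the array to netsh.
$netshArgs = @('http', 'add', 'sslcert', "ipport=$IpPort", "certhash=$hash", "appid={$AppId}")
& netsh.exe @netshArgs
if ($LASTEXITCODE -ne 0) {
    throw "netsh exited with code $LASTEXITCODE."
}

# Show the resulting binding for review.
& netsh.exe http show sslcert "ipport=$IpPort"
```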