使用 netsh，将 SSL 证书绑定到端口号失败 [英] Using netsh, bind an SSL certificate to a port number is failing

问题描述

我已按照 SSL 与自托管 WCF 服务中的说明进行操作.当我尝试使用 netsh 在 Windows 7 上绑定证书时，如 How to: Configure a Port with anSSL 证书.，失败如下.

I have followed the instructions in SSL with Self Hosted WCF Service. When I am trying to bind the certificate on Windows 7 using netsh as described in How to: Configure a Port with an SSL Certificate., it is failing as follows.

PS C:\> netsh http add sslcert ipport=0.0.0.0:8732 certhash=0000000000003ed9cd0c315bbb6dc1c08da5e6 appid={00112233-4455-6677-8899-AABBCCDDEEFF}
Bad numeric constant: 224.
At line:1 char:104
+ netsh http add sslcert ipport=0.0.0.0:8732 certhash=0000000000003ed9cd0c315bbb6dc1c08da5e6 appid={001 <<<< 12233-4455-6677-8899-AABBCCDDEEFF}
+ CategoryInfo          : ParserError: (224:String) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : BadNumericConstant

在命令提示符中

C:\>netsh http add sslcert ipport=0.0.0.0:8732 certhash=0000000000003ed9cd0c315bbb6dc1c08da5e6 appid={00112233-4455-6677-8899-AABBCCDDEEFF}

SSL Certificate add failed, Error: 1312
A specified logon session does not exist. It may already have been terminated.

推荐答案

错误的根源是我直接从 signroot.cert 的证书文件中取出了 ThumbPrint，该文件是通过创建所需的第一个 makecert 命令创建的受信任的根证书颁发机构"，它再次用于在第二个 makecert 命令中真正创建(和安装)自签名受信任证书.

The source of the error is that I have taken the ThumbPrint directly from the certificate file of signroot.cert, which is created from the first makecert command needed for creating "Trusted Root Certification Authorities", which is used again to really create(and install) the self-sigend trusted certificate in the second makecert command.

第二个 makecert 命令还将创建的证书安装在证书(本地计算机)-> 个人-> 证书"节点中.必须再次刷新当前打开的 MMC 才能看到localhost"证书，ThumbPrint 需要从该证书中获取，而不是从 signroot.cert 获取.

The second makecert command also install the created certificates in the "Certificates (Local Computer) -> Personal -> Certificates node." One has to refresh the currently open MMC again to see the "localhost" certificate and the ThumbPrint need to be taken from this certificates but not from signroot.cert.

如果仍然不是这种情况，则可能需要从 M$ 安装此修补程序.http://support.microsoft.com/kb/981506

If it is still not the case, one might need to install this hotfix from M$. http://support.microsoft.com/kb/981506

参考:http://social.technet.microsoft.com/Forums/en/winservergen/thread/68452008-a89b-40ba-9927-472efcfafc99

这篇关于使用 netsh，将 SSL 证书绑定到端口号失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！