Pages: 1

#1 2016-11-14 20:02:45

erick
Member
Registered: 2015-09-09
Posts: 155

httpd.sys and SSL

I have been struggling for hours trying to get HTTPD.SYS to work with SSL under Windows 10

I added the certificate using the Certificate Manager.  And now

D:\shop\server>netsh http show urlacl

  ...
  Reserved URL            : https://+:443/root/
        User: \Everyone
            Listen: Yes
            Delegate: Yes
            SDDL: D:(A;;GA;;;WD)

Which is what I want I think.

D:\shop\server>netsh http show sslcert

SSL Certificate bindings:
-------------------------

    IP:port                      : 0.0.0.0:4482
    Certificate Hash             : 8d9c00edafceefabd3a6b71a69d2b25251ef1fc4
    Application ID               : {6470088c-1553-44ea-8ee0-97f2042249e8}
    Certificate Store Name       : My
    Verify Client Certificate Revocation : Enabled
    Verify Revocation Using Cached Client Certificate Only : Disabled
    Usage Check                  : Disabled
    Revocation Freshness Time    : 0
    URL Retrieval Timeout        : 0
    Ctl Identifier               : (null)
    Ctl Store Name               : (null)
    DS Mapper Usage              : Disabled
    Negotiate Client Certificate : Disabled
    Reject Connections           : Disabled

I don't know why it bound to that port.  I deleted it, then try to bind it to 443, assuming I would use the same GUID as was above
but that doesn't work.

D:\shop\server>netsh http add sslcert ipport=0.0.0.0:443 certhash=8d9c00edafceefabd3a6b71a69d2b25251ef1fc4  appid={6470088c-1553-44ea-8ee0-97f2042249e8}

SSL Certificate add failed, Error: 1312
A specified logon session does not exist. It may already have been terminated.

I'm guessing it doesn't like the GUID?  People seem to just make up a GUID and it works for them.  Any suggestions?

Erick

Offline

#2 2016-11-14 20:32:58

mpv
Member
From: Ukraine
Registered: 2012-03-24
Posts: 1,571
Website

Re: httpd.sys and SSL

Try to add a certificate using fake IIS site. After this stop IIS site and run your service..

Offline

#3 2016-11-15 00:50:11

erick
Member
Registered: 2015-09-09
Posts: 155

Re: httpd.sys and SSL

mpv wrote:

Try to add a certificate using fake IIS site. After this stop IIS site and run your service..

Okay, my SSL cert doesn't work with IIS either.  So that will help me debugging, thanks.

Erick

Offline

#4 2016-11-15 11:06:49

Bo
Member
From: Melbourne
Registered: 2016-07-04
Posts: 57
Website

Re: httpd.sys and SSL

erick wrote:

I have been struggling for hours trying to get HTTPD.SYS to work with SSL under Windows 10

...

I'm guessing it doesn't like the GUID?  People seem to just make up a GUID and it works for them.  Any suggestions?

Erick

The GUID does not play an important role at all, I made up one too. Most likely would be certificate's issue. I tried self-sign certificate by following the step's in the document but was not successful, then I reused the set of certificates from a production server and it worked immediately since then.

Offline

#5 2016-11-17 02:07:25

erick
Member
Registered: 2015-09-09
Posts: 155

Re: httpd.sys and SSL

Bo wrote:
erick wrote:

I have been struggling for hours trying to get HTTPD.SYS to work with SSL under Windows 10

...

I'm guessing it doesn't like the GUID?  People seem to just make up a GUID and it works for them.  Any suggestions?

Erick

The GUID does not play an important role at all, I made up one too. Most likely would be certificate's issue. I tried self-sign certificate by following the step's in the document but was not successful, then I reused the set of certificates from a production server and it worked immediately since then.

It turned out to be a bad certificate.  I got it reissued and everything quickly fell into place and worked perfectly.  Thanks for the clues everyone.

Erick

Offline

Pages: 1

Board footer

Powered by FluxBB