Following the instructions on "How to: Configure a Port with an SSL Certificate" in this link: http://msdn.microsoft.com/en-us/library/ms733791.aspx, I entered this command on the commandline (duh):
按照以下链接中的“如何:使用SSL证书配置端口”的说明操作:http://msdn.microsoft.com/en-us/library/ms733791.aspx,我在命令行上输入了此命令(duh) :
> netsh http add sslcert ipport:10.141.146.227:7001 certhash=5d48e604007b867ae8a69260a4ad318d2c05d8ff appid={EDE3C891-306C-40fe-BAD4-895B236A1CC8}
The parameter is incorrect.
My certhash
thumbprint was taken from the certificate in Certificates(Local Computer)>Personal>Certificates folder.
我的certhash指纹取自证书(本地计算机)>个人>证书文件夹中的证书。
The appid
GUID was generated.
appid GUID已生成。
What else is wrong that I need to fix to get this to work?
还有什么问题我需要修复才能让它发挥作用?
18 个解决方案
#1
In PowerShell just type as follows. first get into netsh http mode and then add sslcert. It's worked for me.
在PowerShell中输入如下内容。首先进入netsh http模式,然后添加sslcert。它对我有用。
>netsh
netsh>http
netsh http>add sslcert ipport=0.0.0.0:13286 appid='{a5455c78-6489-4e13-b395-47fbdee0e7e6}' certhash=<thumprint without space>
#2
Another possible cause for this problem is hidden characters being copied from the Certificate Manager page. If you copy the thumbprint from the details window in Certificates, check for a hidden character at the start (use your arrow keys!). This was the cause for me of the "The Parameter is Incorrect" error message.
此问题的另一个可能原因是从证书管理器页面复制隐藏的字符。如果从“证书”中的详细信息窗口复制指纹,请在开始时检查隐藏字符(使用箭头键!)。这是我的“参数不正确”错误消息的原因。
#3
The PowerShell command line and PowerShell scripts in ps1 files will think curley-braces {...} are PowerShell directives. So quote them. Otherwise, as you have seen, PowerShell will be confused.
ps1文件中的PowerShell命令行和PowerShell脚本会认为curley-braces {...}是PowerShell指令。引用它们。否则,正如您所见,PowerShell将会感到困惑。
So rather than this (which you found fails):
所以,而不是这(你发现失败):
netsh http add sslcert ipp ort:10.141.146.227:7001 certhash=5d48e604007b867ae8a69260a4ad318d2c05d8ff appid= {EDE3C891-306C-40fe-BAD4-895B236A1CC8}
Do this (note the single quotes):
这样做(注意单引号):
netsh http add sslcert ipp ort:10.141.146.227:7001 certhash=5d48e604007b867ae8a69260a4ad318d2c05d8ff appid= '{EDE3C891-306C-40fe-BAD4-895B236A1CC8}'
Here is some information about PowerShell syntax with curley braces:
以下是有关使用curley括号的PowerShell语法的一些信息:
#4
Looking at the syntax for the netsh command, I saw this example:
看一下netsh命令的语法,我看到了这个例子:
add sslcert ipport=1.1.1.1:443 certhash=0102030405060708090A0B0C0D0E0F1011121314 appid={00112233-4455-6677-8899-AABBCCDDEEFF}
By the looks of it, your problem is that you're doing
从它的外观来看,你的问题就在于你正在做的事情
ipport:10.141.146.227:7001
^
as opposed to
而不是
ipport=10.141.146.227:7001
^
#5
Copying the certificate thumbprint from the Certificate\Details\Thumbprint would prepend the thumbprint value with the the bytes '3f38' which, when converted to ANSI were shown as a '?'. This hidden value caused the issue for me.
从Certificate \ Details \ Thumbprint复制证书指纹将在指纹值前加上字节'3f38',当转换为ANSI时,它们显示为'?'。这个隐藏的价值给我带来了问题。
I pasted the value into notepad++, chose 'Encoding' > 'Convert to ANSI', then I manually removed the prepended '?' characters. I would then have a clean thumbprint value to use.
我将值粘贴到记事本++,选择'编码'>'转换为ANSI',然后我手动删除前置'?'字符。然后我会有一个干净的指纹值来使用。
#6
- Copy the command into notepad
- Save it as ANSI
- Close and reopen the file
- Remove bogus ? characters
- Copy from notepad to the command prompt and run the command
将命令复制到记事本中
将其另存为ANSI
关闭并重新打开该文件
删除虚假?人物
从记事本复制到命令提示符并运行该命令
#7
I was getting this error as well when I was just getting started with http.sys. After I ran:
当我刚刚开始使用http.sys时,我也遇到了这个错误。我跑了之后:
netsh http add iplisten ipaddress=0.0.0.0
then the netsh http add sslcert
commands started behaving properly.
然后netsh http add sslcert命令开始正常运行。
#8
In my case the problem is that I following the microsoft inscructions I copied the thumbprint from the SSL window. the thing is that doing so copies non-printable character at the beginning of the hash.
在我的情况下,问题是我遵循微软的inscructions我从SSL窗口复制指纹。问题在于,这样做会在哈希开头复制不可打印的字符。
Try to paste the thumbprint into notepad and then press home and pres delete twice (until the first char from the thumbprint is deleted) and the re-add the char. You can see the char if you copy the thumbprint and paste it into cmd:
尝试将指纹粘贴到记事本中,然后按home并预先删除两次(直到删除指纹中的第一个字符)并重新添加字符。如果您复制指纹并将其粘贴到cmd中,则可以看到char:
#9
I faced this problem several times and every time it had a different cause, so I decided to write the causes and exact command that worked for me.
我几次遇到这个问题,每次都有不同的原因,所以我决定写出对我有用的原因和确切的命令。
Here are some causes:
以下是一些原因:
1- Copy and pasting certificate thumbprint from windows dialog adds a hidden character to your hash. It is not visible in text editors but you need to remove the character to make it work.
1-从Windows对话框复制和粘贴证书指纹会为哈希添加隐藏字符。它在文本编辑器中不可见,但您需要删除该字符才能使其正常工作。
2- SSL thumbprint should be available in Personal -> Certificates to work with localhost.
2-个人指南中的SSL指纹应该可用 - >证书可以使用localhost。
3-It should be 'ipport=' not 'ipport:'
3 - 应该'ipport ='不'支持:'
4- SSL certificate should have a private key. If you are using certificate management console, make sure that it has a little key icon on the certificate view.
4- SSL证书应该有私钥。如果您使用的是证书管理控制台,请确保它在证书视图上有一个小的密钥图标。
5- GUID should be defined in full format: {a10b0420-a21f-45de-a1f8-818b5001145a}, and it should have one quote in powershell: '{a10b0420-a21f-45de-a1f8-818b5001145a}' Thus, PowerShell format is different from command line.
5- GUID应该以完整格式定义:{a10b0420-a21f-45de-a1f8-818b5001145a},它应该在powershell中有一个引用:'{a10b0420-a21f-45de-a1f8-818b5001145a}'因此,PowerShell格式不同从命令行。
6- SSL Cert should have complete characters with all padding '0's and without any space. You may copy thumbprint (be careful to remove special hidden character) and remove spaces, or use 'netsh http show sslcert' to get the value if the certificate is already registered for another address.
6- SSL Cert应具有完整的字符,所有填充为0且没有任何空格。您可以复制指纹(小心删除特殊隐藏字符)并删除空格,或者如果证书已经注册了另一个地址,则使用'netsh http show sslcert'来获取值。
What worked for me:
什么对我有用:
Here is the exact command that worked for me in powershell:
这是在powershell中对我有用的确切命令:
netsh http add sslcert ipport=0.0.0.0:20001 certhash=5304c034548b27c72b5e9c14f0c7bdd13e52d760 appid='{a10b0420-a21f-45de-a1f8-818b5001145a}'
And here is the command line statement:
这是命令行声明:
netsh
http add sslcert ipport=0.0.0.0:20001 certhash=5304c034548b27c72b5e9c14f0c7bdd13e52d760 appid={a10b0420-a21f-45de-a1f8-818b5001145a}
More commands to help you avoid related problems:
更多命令可帮助您避免相关问题:
Use the following command to see current registered certificate. You may find and reuse certhash or your appid from there:
使用以下命令查看当前已注册的证书。您可以从那里找到并重用certhash或appid:
netsh http show sslcert
If the certificate is already registered with similar ip and port, you need to remove it. I found it cause problem with localhost, 127.0.0.1 and 0.0.0.0. You need to have only 0.0.0.0 registered in your testing environment. Use the following command to remove potential corrupted certificates:
如果证书已经注册了类似的IP和端口,则需要将其删除。我发现它导致localhost,127.0.0.1和0.0.0.0出现问题。您需要在测试环境中仅注册0.0.0.0。使用以下命令删除可能已损坏的证书:
netsh http delete sslcert ipport=0.0.0.0:20001
#10
I ran across this question while looking for a solution to the problem. I finally found one that worked for me.
我在寻找问题的解决方案时遇到了这个问题。我终于找到了一个适合我的方法。
My certhash
parameter wasn't fully 20 bytes long. I had to pad it with zeroes in front to get it to work.
我的certhash参数不是完全20字节长。我不得不在前面用零填充它以使其工作。
So, instead of
所以,而不是
certhash=112233445566778899aabbccddeeff00
, I had to do this:
certhash = 112233445566778899aabbccddeeff00,我必须这样做:
certhash=00000000112233445566778899aabbccddeeff00
.
Hope this helps.
希望这可以帮助。
#11
Sir, you have ipport: rather than ipport= which is easy to do since you follow that with ip:port
先生,你有ipport:而不是ipport =这很容易做,因为你跟着它用ip:port
Also, watch out for the { versus < or (, that has also gotten me in the past.
另外,请注意{对 <或(,这也是过去让我得到的)。< p>
#12
Using the Serial number instead of the Thumbprint for the certhash parameter will cause this error because of the difference in the amount of characters. Padding with 0s will change the error to SSL Certificate add failed, Error: 1312
对于certhash参数使用序列号而不是Thumbprint将导致此错误,因为字符数不同。使用0填充将更改错误为SSL证书添加失败,错误:1312
#13
Watch out, if you have a DNS Name as a Binding use hostnameport instead of ipport
注意,如果你有一个DNS名称作为绑定使用hostnameport而不是ipport
netsh http delete sslcert hostnameport=domainame.com:443
I had to delete ADFS Proxy Bindings for Office 365 Single-Sign On.
我不得不删除Office 365单点登录的ADFS代理绑定。
#14
there were a few things i did that i thought made it work after getting the same "The parameter is incorrect." Error.
有一些我做过的事情,我认为在得到相同的“参数不正确”之后才能正常工作。错误。
1) restarted machine and did it again. it worked the first time. 2) made sure i was in c:\ and put the command again after restarting didn't work
1)重新启动机器并再次执行。它第一次工作。 2)确保我在c:\并在重新启动后再次执行命令不起作用
i couldn't explain why but i think that maybe both times, there was something else wrong. because the third time this happened to me,
我无法解释为什么,但我想也许两次,还有其他错误。因为第三次发生在我身上,
3) i went through the thumbprint of my CA (not the issued server cert) and copied it again from the MMC and it worked.
3)我浏览了我的CA的指纹(不是已发布的服务器证书)并再次从MMC复制它并且它工作。
after this happened, i deleted it again (netsh http delete sslcert ipport=0.0.0.0:) and repeated the process using the thumbprint of the server certificate. The darned thing worked again.
发生这种情况后,我再次将其删除(netsh http delete sslcert ipport = 0.0.0.0 :)并使用服务器证书的指纹重复该过程。愚蠢的事情再次起作用。
I dunno, just try going through the same thing I did. maybe one of these would work. In the end, i suspect that I entered a bogus space or character in the certhash.
我不知道,只是尝试经历我做的同样的事情。也许其中一个会起作用。最后,我怀疑我在certhash中进入虚假空间或角色。
#15
This will work from the PowerShell commadline:
这将适用于PowerShell commadline:
$AppId = [Guid]::NewGuid().Guid
$Hash = "209966E2BEDA57E3DB74FD4B1E7266F43EB7B56D"
netsh http add sslcert hostname=localhost:8088 certhash=$Hash appid=`{$AppId`} certstorename my
The important details are to escape each { } with a backtick (`) and not to omit certstorename. Otherwise netsh raises an error 87.
重要的细节是使用反引号(`)转义每个{}而不是省略certstorename。否则netsh会引发错误87。
The variables are just for sake of convenience.
变量只是为了方便起见。
#16
The "-"s are NOT irrelevant. If your guid doesnt look exactly like this you will get the incorrect parameter error: {EDE3C891-306C-40fe-BAD4-895B236A1CC8} vs. EDE3C891306C40feBAD4895B236A1CC8 -> WRONG {EDE3C891306C40feBAD4895B236A1CC8} -> WRONG
“ - ”并不是无关紧要的。如果您的guid看起来不完全像这样,您将得到错误的参数错误:{EDE3C891-306C-40fe-BAD4-895B236A1CC8}与EDE3C891306C40feBAD4895B236A1CC8 - >错误{EDE3C891306C40feBAD4895B236A1CC8} - >错误
Also Im using the guid for the appid of the IIS, not a random one.
我也使用guid作为IIS的appid,而不是随机的。
#17
I must have ended up mangling the relationship between VS and IIS Express by deleting the localhost certificate. I was really stuck. The app wouldn't start and nothing I could do seemed to correct this disconnect (which is want brought me to this thread to begin with).
我必须通过删除localhost证书来破坏VS和IIS Express之间的关系。我真的被卡住了。该应用程序无法启动,我无能为力似乎纠正了这个断开连接(这需要我开始使用此线程)。
I was finally able to get over the issue by changing the assigned port on the non-SSL URL (launchSettings.json
in .NET Core apps) and disabling the Enable SSL checkbox in the project settings and taking a fresh start. I was then able to add my newly created cert with this command: netsh http add sslcert ipport=0.0.0.0:44392 appid={214124cd-d05b-4309-9af9-9caa44b2b74b} certhash=A0ADC1A1002F288CCFA96261F9F352D28C675A90
.
我终于能够通过更改非SSL URL上的已分配端口(.NET Core应用程序中的launchSettings.json)并禁用项目设置中的启用SSL复选框并重新开始来解决此问题。然后我可以使用以下命令添加我新创建的证书:netsh http add sslcert ipport = 0.0.0.0:44392 appid = {214124cd-d05b-4309-9af9-9caa44b2b74b} certhash = A0ADC1A1002F288CCFA96261F9F352D28C675A90。
Also, note that the appid
variable is not a reflection of your VS project AppID (or at least it doesn't have to be). It's just an arbitrary GUID, according to Scott Hanselmann:
另请注意,appid变量不是VS项目AppID的反映(或者至少不是必须的)。根据Scott Hanselmann的说法,这只是一个任意的GUID:
The AppId doesn't really matter, its just a GUID. This tells HTTP.SYS that we're using that certificate.
AppId并不重要,它只是一个GUID。这告诉HTTP.SYS我们正在使用该证书。
This was not obvious to me and made dealing with the parameter is incorrect error that much more obscure.
这对我来说并不明显,并且处理参数是错误的错误更加模糊。
If you're experiencing similar issues, good luck. I believe in you. Ping me if you're feeling lost and alone. Maybe I can remember something by then! :D
如果你遇到类似的问题,祝你好运。我相信你。如果你感到迷茫和孤独,请打我。也许到那时我还能记住一些东西! :d
#18
It could be useful to add my resolution in this thread :
在此线程中添加我的分辨率可能很有用:
I was trying to add an ippport with the hostnameport parameter so I got this parameter error.
我试图添加一个带有hostnameport参数的ippport,所以我得到了这个参数错误。
netsh http add sslcert hostnameport="10.0.0.120:443"
netsh http add sslcert hostnameport =“10.0.0.120:443”
Instead of :
代替 :
netsh http add sslcert ipport="10.0.0.120:443"
netsh http add sslcert ipport =“10.0.0.120:443”
Cya !
#1
In PowerShell just type as follows. first get into netsh http mode and then add sslcert. It's worked for me.
在PowerShell中输入如下内容。首先进入netsh http模式,然后添加sslcert。它对我有用。
>netsh
netsh>http
netsh http>add sslcert ipport=0.0.0.0:13286 appid='{a5455c78-6489-4e13-b395-47fbdee0e7e6}' certhash=<thumprint without space>
#2
Another possible cause for this problem is hidden characters being copied from the Certificate Manager page. If you copy the thumbprint from the details window in Certificates, check for a hidden character at the start (use your arrow keys!). This was the cause for me of the "The Parameter is Incorrect" error message.
此问题的另一个可能原因是从证书管理器页面复制隐藏的字符。如果从“证书”中的详细信息窗口复制指纹,请在开始时检查隐藏字符(使用箭头键!)。这是我的“参数不正确”错误消息的原因。
#3
The PowerShell command line and PowerShell scripts in ps1 files will think curley-braces {...} are PowerShell directives. So quote them. Otherwise, as you have seen, PowerShell will be confused.
ps1文件中的PowerShell命令行和PowerShell脚本会认为curley-braces {...}是PowerShell指令。引用它们。否则,正如您所见,PowerShell将会感到困惑。
So rather than this (which you found fails):
所以,而不是这(你发现失败):
netsh http add sslcert ipp ort:10.141.146.227:7001 certhash=5d48e604007b867ae8a69260a4ad318d2c05d8ff appid= {EDE3C891-306C-40fe-BAD4-895B236A1CC8}
Do this (note the single quotes):
这样做(注意单引号):
netsh http add sslcert ipp ort:10.141.146.227:7001 certhash=5d48e604007b867ae8a69260a4ad318d2c05d8ff appid= '{EDE3C891-306C-40fe-BAD4-895B236A1CC8}'
Here is some information about PowerShell syntax with curley braces:
以下是有关使用curley括号的PowerShell语法的一些信息:
#4
Looking at the syntax for the netsh command, I saw this example:
看一下netsh命令的语法,我看到了这个例子:
add sslcert ipport=1.1.1.1:443 certhash=0102030405060708090A0B0C0D0E0F1011121314 appid={00112233-4455-6677-8899-AABBCCDDEEFF}
By the looks of it, your problem is that you're doing
从它的外观来看,你的问题就在于你正在做的事情
ipport:10.141.146.227:7001
^
as opposed to
而不是
ipport=10.141.146.227:7001
^
#5
Copying the certificate thumbprint from the Certificate\Details\Thumbprint would prepend the thumbprint value with the the bytes '3f38' which, when converted to ANSI were shown as a '?'. This hidden value caused the issue for me.
从Certificate \ Details \ Thumbprint复制证书指纹将在指纹值前加上字节'3f38',当转换为ANSI时,它们显示为'?'。这个隐藏的价值给我带来了问题。
I pasted the value into notepad++, chose 'Encoding' > 'Convert to ANSI', then I manually removed the prepended '?' characters. I would then have a clean thumbprint value to use.
我将值粘贴到记事本++,选择'编码'>'转换为ANSI',然后我手动删除前置'?'字符。然后我会有一个干净的指纹值来使用。
#6
- Copy the command into notepad
- Save it as ANSI
- Close and reopen the file
- Remove bogus ? characters
- Copy from notepad to the command prompt and run the command
将命令复制到记事本中
将其另存为ANSI
关闭并重新打开该文件
删除虚假?人物
从记事本复制到命令提示符并运行该命令
#7
I was getting this error as well when I was just getting started with http.sys. After I ran:
当我刚刚开始使用http.sys时,我也遇到了这个错误。我跑了之后:
netsh http add iplisten ipaddress=0.0.0.0
then the netsh http add sslcert
commands started behaving properly.
然后netsh http add sslcert命令开始正常运行。
#8
In my case the problem is that I following the microsoft inscructions I copied the thumbprint from the SSL window. the thing is that doing so copies non-printable character at the beginning of the hash.
在我的情况下,问题是我遵循微软的inscructions我从SSL窗口复制指纹。问题在于,这样做会在哈希开头复制不可打印的字符。
Try to paste the thumbprint into notepad and then press home and pres delete twice (until the first char from the thumbprint is deleted) and the re-add the char. You can see the char if you copy the thumbprint and paste it into cmd:
尝试将指纹粘贴到记事本中,然后按home并预先删除两次(直到删除指纹中的第一个字符)并重新添加字符。如果您复制指纹并将其粘贴到cmd中,则可以看到char:
#9
I faced this problem several times and every time it had a different cause, so I decided to write the causes and exact command that worked for me.
我几次遇到这个问题,每次都有不同的原因,所以我决定写出对我有用的原因和确切的命令。
Here are some causes:
以下是一些原因:
1- Copy and pasting certificate thumbprint from windows dialog adds a hidden character to your hash. It is not visible in text editors but you need to remove the character to make it work.
1-从Windows对话框复制和粘贴证书指纹会为哈希添加隐藏字符。它在文本编辑器中不可见,但您需要删除该字符才能使其正常工作。
2- SSL thumbprint should be available in Personal -> Certificates to work with localhost.
2-个人指南中的SSL指纹应该可用 - >证书可以使用localhost。
3-It should be 'ipport=' not 'ipport:'
3 - 应该'ipport ='不'支持:'
4- SSL certificate should have a private key. If you are using certificate management console, make sure that it has a little key icon on the certificate view.
4- SSL证书应该有私钥。如果您使用的是证书管理控制台,请确保它在证书视图上有一个小的密钥图标。
5- GUID should be defined in full format: {a10b0420-a21f-45de-a1f8-818b5001145a}, and it should have one quote in powershell: '{a10b0420-a21f-45de-a1f8-818b5001145a}' Thus, PowerShell format is different from command line.
5- GUID应该以完整格式定义:{a10b0420-a21f-45de-a1f8-818b5001145a},它应该在powershell中有一个引用:'{a10b0420-a21f-45de-a1f8-818b5001145a}'因此,PowerShell格式不同从命令行。
6- SSL Cert should have complete characters with all padding '0's and without any space. You may copy thumbprint (be careful to remove special hidden character) and remove spaces, or use 'netsh http show sslcert' to get the value if the certificate is already registered for another address.
6- SSL Cert应具有完整的字符,所有填充为0且没有任何空格。您可以复制指纹(小心删除特殊隐藏字符)并删除空格,或者如果证书已经注册了另一个地址,则使用'netsh http show sslcert'来获取值。
What worked for me:
什么对我有用:
Here is the exact command that worked for me in powershell:
这是在powershell中对我有用的确切命令:
netsh http add sslcert ipport=0.0.0.0:20001 certhash=5304c034548b27c72b5e9c14f0c7bdd13e52d760 appid='{a10b0420-a21f-45de-a1f8-818b5001145a}'
And here is the command line statement:
这是命令行声明:
netsh
http add sslcert ipport=0.0.0.0:20001 certhash=5304c034548b27c72b5e9c14f0c7bdd13e52d760 appid={a10b0420-a21f-45de-a1f8-818b5001145a}
More commands to help you avoid related problems:
更多命令可帮助您避免相关问题:
Use the following command to see current registered certificate. You may find and reuse certhash or your appid from there:
使用以下命令查看当前已注册的证书。您可以从那里找到并重用certhash或appid:
netsh http show sslcert
If the certificate is already registered with similar ip and port, you need to remove it. I found it cause problem with localhost, 127.0.0.1 and 0.0.0.0. You need to have only 0.0.0.0 registered in your testing environment. Use the following command to remove potential corrupted certificates:
如果证书已经注册了类似的IP和端口,则需要将其删除。我发现它导致localhost,127.0.0.1和0.0.0.0出现问题。您需要在测试环境中仅注册0.0.0.0。使用以下命令删除可能已损坏的证书:
netsh http delete sslcert ipport=0.0.0.0:20001
#10
I ran across this question while looking for a solution to the problem. I finally found one that worked for me.
我在寻找问题的解决方案时遇到了这个问题。我终于找到了一个适合我的方法。
My certhash
parameter wasn't fully 20 bytes long. I had to pad it with zeroes in front to get it to work.
我的certhash参数不是完全20字节长。我不得不在前面用零填充它以使其工作。
So, instead of
所以,而不是
certhash=112233445566778899aabbccddeeff00
, I had to do this:
certhash = 112233445566778899aabbccddeeff00,我必须这样做:
certhash=00000000112233445566778899aabbccddeeff00
.
Hope this helps.
希望这可以帮助。
#11
Sir, you have ipport: rather than ipport= which is easy to do since you follow that with ip:port
先生,你有ipport:而不是ipport =这很容易做,因为你跟着它用ip:port
Also, watch out for the { versus < or (, that has also gotten me in the past.
另外,请注意{对 <或(,这也是过去让我得到的)。< p>
#12
Using the Serial number instead of the Thumbprint for the certhash parameter will cause this error because of the difference in the amount of characters. Padding with 0s will change the error to SSL Certificate add failed, Error: 1312
对于certhash参数使用序列号而不是Thumbprint将导致此错误,因为字符数不同。使用0填充将更改错误为SSL证书添加失败,错误:1312
#13
Watch out, if you have a DNS Name as a Binding use hostnameport instead of ipport
注意,如果你有一个DNS名称作为绑定使用hostnameport而不是ipport
netsh http delete sslcert hostnameport=domainame.com:443
I had to delete ADFS Proxy Bindings for Office 365 Single-Sign On.
我不得不删除Office 365单点登录的ADFS代理绑定。
#14
there were a few things i did that i thought made it work after getting the same "The parameter is incorrect." Error.
有一些我做过的事情,我认为在得到相同的“参数不正确”之后才能正常工作。错误。
1) restarted machine and did it again. it worked the first time. 2) made sure i was in c:\ and put the command again after restarting didn't work
1)重新启动机器并再次执行。它第一次工作。 2)确保我在c:\并在重新启动后再次执行命令不起作用
i couldn't explain why but i think that maybe both times, there was something else wrong. because the third time this happened to me,
我无法解释为什么,但我想也许两次,还有其他错误。因为第三次发生在我身上,
3) i went through the thumbprint of my CA (not the issued server cert) and copied it again from the MMC and it worked.
3)我浏览了我的CA的指纹(不是已发布的服务器证书)并再次从MMC复制它并且它工作。
after this happened, i deleted it again (netsh http delete sslcert ipport=0.0.0.0:) and repeated the process using the thumbprint of the server certificate. The darned thing worked again.
发生这种情况后,我再次将其删除(netsh http delete sslcert ipport = 0.0.0.0 :)并使用服务器证书的指纹重复该过程。愚蠢的事情再次起作用。
I dunno, just try going through the same thing I did. maybe one of these would work. In the end, i suspect that I entered a bogus space or character in the certhash.
我不知道,只是尝试经历我做的同样的事情。也许其中一个会起作用。最后,我怀疑我在certhash中进入虚假空间或角色。
#15
This will work from the PowerShell commadline:
这将适用于PowerShell commadline:
$AppId = [Guid]::NewGuid().Guid
$Hash = "209966E2BEDA57E3DB74FD4B1E7266F43EB7B56D"
netsh http add sslcert hostname=localhost:8088 certhash=$Hash appid=`{$AppId`} certstorename my
The important details are to escape each { } with a backtick (`) and not to omit certstorename. Otherwise netsh raises an error 87.
重要的细节是使用反引号(`)转义每个{}而不是省略certstorename。否则netsh会引发错误87。
The variables are just for sake of convenience.
变量只是为了方便起见。
#16
The "-"s are NOT irrelevant. If your guid doesnt look exactly like this you will get the incorrect parameter error: {EDE3C891-306C-40fe-BAD4-895B236A1CC8} vs. EDE3C891306C40feBAD4895B236A1CC8 -> WRONG {EDE3C891306C40feBAD4895B236A1CC8} -> WRONG
“ - ”并不是无关紧要的。如果您的guid看起来不完全像这样,您将得到错误的参数错误:{EDE3C891-306C-40fe-BAD4-895B236A1CC8}与EDE3C891306C40feBAD4895B236A1CC8 - >错误{EDE3C891306C40feBAD4895B236A1CC8} - >错误
Also Im using the guid for the appid of the IIS, not a random one.
我也使用guid作为IIS的appid,而不是随机的。
#17
I must have ended up mangling the relationship between VS and IIS Express by deleting the localhost certificate. I was really stuck. The app wouldn't start and nothing I could do seemed to correct this disconnect (which is want brought me to this thread to begin with).
我必须通过删除localhost证书来破坏VS和IIS Express之间的关系。我真的被卡住了。该应用程序无法启动,我无能为力似乎纠正了这个断开连接(这需要我开始使用此线程)。
I was finally able to get over the issue by changing the assigned port on the non-SSL URL (launchSettings.json
in .NET Core apps) and disabling the Enable SSL checkbox in the project settings and taking a fresh start. I was then able to add my newly created cert with this command: netsh http add sslcert ipport=0.0.0.0:44392 appid={214124cd-d05b-4309-9af9-9caa44b2b74b} certhash=A0ADC1A1002F288CCFA96261F9F352D28C675A90
.
我终于能够通过更改非SSL URL上的已分配端口(.NET Core应用程序中的launchSettings.json)并禁用项目设置中的启用SSL复选框并重新开始来解决此问题。然后我可以使用以下命令添加我新创建的证书:netsh http add sslcert ipport = 0.0.0.0:44392 appid = {214124cd-d05b-4309-9af9-9caa44b2b74b} certhash = A0ADC1A1002F288CCFA96261F9F352D28C675A90。
Also, note that the appid
variable is not a reflection of your VS project AppID (or at least it doesn't have to be). It's just an arbitrary GUID, according to Scott Hanselmann:
另请注意,appid变量不是VS项目AppID的反映(或者至少不是必须的)。根据Scott Hanselmann的说法,这只是一个任意的GUID:
The AppId doesn't really matter, its just a GUID. This tells HTTP.SYS that we're using that certificate.
AppId并不重要,它只是一个GUID。这告诉HTTP.SYS我们正在使用该证书。
This was not obvious to me and made dealing with the parameter is incorrect error that much more obscure.
这对我来说并不明显,并且处理参数是错误的错误更加模糊。
If you're experiencing similar issues, good luck. I believe in you. Ping me if you're feeling lost and alone. Maybe I can remember something by then! :D
如果你遇到类似的问题,祝你好运。我相信你。如果你感到迷茫和孤独,请打我。也许到那时我还能记住一些东西! :d
#18
It could be useful to add my resolution in this thread :
在此线程中添加我的分辨率可能很有用:
I was trying to add an ippport with the hostnameport parameter so I got this parameter error.
我试图添加一个带有hostnameport参数的ippport,所以我得到了这个参数错误。
netsh http add sslcert hostnameport="10.0.0.120:443"
netsh http add sslcert hostnameport =“10.0.0.120:443”
Instead of :
代替 :
netsh http add sslcert ipport="10.0.0.120:443"
netsh http add sslcert ipport =“10.0.0.120:443”
Cya !