Search code examples
ssliisnetshcertutilwindows-server-2022

"The parameter is incorrect" error using "netsh http add sslcert" on Windows Server 2022

I have an "The parameter is incorrect." error on Windows Server 2022

I obtain the appid from certutil -store "MY" %SSL_DOMAIN% ^| find "Key Container"

Cert Hash(sha1): 6d5b92e25d056dc1c6dc671672e0dd2363ea1aac Key Container = !002a.fz-win.tk-2a270cf2-6652-4e79-81ce-36087def3cc2 Provider = Microsoft Software Key Storage Provider

And then use this "Key Container" value to set appid parameter

netsh http add sslcert hostnameport=xxxxxx:443 certstorename=MY certhash=6d5b92e25d056dc1c6dc671672e0dd2363ea1aac appid=!002a.fz-win.tk-f2ee0730-9396-4a0a-8fdb-d62e126a753a

The appid format is wrong and I think that the problem is with the provider on certutil.

These commands are for associate SSL certificate to binding. These commands in legacy windows server work fine. Please can you help me .

These commands are to associate SSL certificate to binding.

Solution

  • [appid=GUID] Specifies the GUID to identify the owning application.

    1. You need to specify an "appId", which is a Globally Unique Identifier (GUID) or Universally Unique Identifier (UUID) that Windows will use to identify the certificate.
    2. If you have Visual Studio, you can use Tools -> Create GUID -> Choose "4. Registry Format".
    3. There is a "free" GUID generator online https://guidgenerator.com/online-guid-generator.aspx.
    4. Or create your own: https://en.wikipedia.org/wiki/Universally_unique_identifier

    The command will look like this, just as an example:

    netsh http add sslcert hostnameport=xxxxxx:443 certstorename=MY certhash=6d5b92e25d056dc1c6dc671672e0dd2363ea1aac appid={00112233-4455-6677-8899-AABBCCDDEEFF}

    Related reference links:

    https://learn.microsoft.com/en-us/windows/win32/http/add-sslcert

    https://superuser.com/questions/1094209/appid-or-guid-of-a-running-service

    What 'appid' should I use with netsh.exe?