Hello,
I am moving an IIS system from Server 2003 to Server 2008 R2. The site requires that the SSL binding works with a specific set of CAs (fewer than what is in the CA store), hence the use of a CTL.
I had successfully set up the CTL in Server 2008; however, I am having problems creating a CTL in Server 2008 R2.
MakeCTL runs on Server 2008 R2; however, when adding a certificate to the CTL from the Local Machine store, the list of certificates is empty (although they exist within the store). To get around this I used the alternate method (export the certificate and add it to the CTL from a file). The CTL was created and added to the store successfully.
When attempting to set up the SSL binding, using the following command:
netsh http add sslcert ipport=0.0.0.0:443 certhash={hash here} appid={4dc3e181-e14b-4a21-b022-59fc669b0914} certstorename=MY sslctlidentifier={the identifier} sslctlstorename=CA
(I have removed the Hash and Identifier.)
I get the very common error of:
SSL Certificate add failed, Error: 1312 A specified logon session does not exist. It may already have been terminated.
When I was getting this error in Server 2008, it was due to the CTL's identifier being the same as the friendly name.
Also, after looking in the Local Machine store, I noticed new stores named "C{" and "M{" and other strange names which should not be there. This leads me to believe that Server 2008 R2 has changes that have broken the MakeCTL program. (I have MakeCTL File Version 5.131.3790.0)
The other thing I noticed is that Microsoft has dropped MakeCTL from the new Windows SDKs. Is there another program I can use that has the same functionality as MakeCTL but will work with Server 2008 R2?
Or is there another method of adding or creating CTLs?
Or is there a different way to limit the accepted CAs?
Thanks in advance for your help.