SSL Certificate add failed, Error: 1312 A specified logon session does not exist. It may already have been terminated

Open anil1890 opened this issue 5 years ago • 2 comments

Getting error "SSL Certificate add failed, Error: 1312 A specified logon session does not exist. It may already have been terminated"

windows_certificate "C:/tmp/cert/certpfx.pfx" do
  pfx_password "12345"
  user_store false
end
windows_certificate_binding 'Binding' do
  action :create
  name 'CN=www.demo.com'
  name_kind :subject
  store_name "MY"
  port 443
  address '0.0.0.0'
end

After googling, I found that this is not working because "Allow Export" is not set to true while importing the certificate. I am able to install the same certificate manually with allow export set to true.

Please help with how to resolve this.

Also, the same thing works fine using a PowerShell script:

powershell_script 'Cert_install' do
  code <<-EOH
    $securePWD = ConvertTo-SecureString "#{node.run_state['path_values']['certpwd']}" -AsPlainText -Force
    Import-PfxCertificate -FilePath "#{node['br_ics_ppi_app_app']['cert']}/pfx.txt" -CertStoreLocation cert:\\LocalMachine\\My -Password $securePWD
    Import-Certificate -FilePath "#{node['br_ics_ppi_app_app']['cert']}/certchain.txt" -CertStoreLocation Cert:\\LocalMachine\\CA
    Import-Certificate -FilePath "#{node['br_ics_ppi_app_app']['cert']}/certroot.txt" -CertStoreLocation Cert:\\LocalMachine\\Root
    & {iisreset}
  EOH
  notifies :run, 'powershell_script[add_cert_website]', :immediately
  not_if "[bool](dir cert:\\LocalMachine\\My | ? { $_.subject -like '*#{node.run_state['path_values']['r53privzone']}*'})"
end
powershell_script 'add_cert_website' do
  code <<-EOH
    $cert_name = "#{node.run_state['path_values']['r53privzone']}"
    $cert_name = "*" + $cert_name.Trimend('.') + "*"
    $ssl_web_site_name = "#{node['br_ics_ppi_app_app']['site_name']}"
    $hostname = "#{node.run_state['path_values']['r53privzone']}"
    $hostname = $cert_name.Trimend('.')
    $ssl_web_site_port = 443
    $guid_value = [GUID]::NewGUID().ToString('B')
    $cert_thumb = $null
    $cert_thumb = (Get-ChildItem cert:\\LocalMachine\\My | where-object { $_.Subject -like $cert_name } | Select-Object -First 1).Thumbprint
    Get-WebBinding -Port $ssl_web_site_port -Name "$ssl_web_site_name" | Remove-WebBinding
    New-WebBinding -Name "$ssl_web_site_name" -IP "*" -Port $ssl_web_site_port -Protocol https
    netsh http show sslcert ipport=0.0.0.0:$ssl_web_site_port
    if ($LASTEXITCODE -eq 1) {
      netsh http add sslcert ipport=0.0.0.0:$ssl_web_site_port certhash=$cert_thumb appid=$guid_value
    }
    Import-Module WebAdministration
    Stop-WebSite $ssl_web_site_name
    Start-WebSite $ssl_web_site_name
  EOH
  action :nothing
end

anil1890, Jan 28 '20 05:01

Hey there! It looks like this is the first issue you've filed against the chef-cookbooks project. I'm here to offer you a bit of extra help to make sure we can quickly get back to you. Make sure you've filled out all the fields in our issue template. Make sure you've provided us with the version of chef-client you're running, your operating system and the version of the cookbook. If you're not using the most up to date version of the cookbook then please make sure to update first. Lots of things change between versions even if your issue isn't listed in the changelog. Finally, please give us a detailed description of the issue you're having. The more we know about what you're trying to do, what actually happens, and how you can reproduce the problem, the better.

If you're looking for more immediate troubleshooting help make sure to check out #general on the Chef Community Slack. There's plenty of folks there willing to lend a helping hand. Thanks for the first issue. We hope we can get back to you soon with a solution.

welcomebot, Jan 28 '20 05:01

Sorry to necro an old issue, but I put this together for someone that had the dreaded 1312 issue. TLDR, generate your CSR using OpenSSL, use that to get your cert, then use OpenSSL to merge in your private key and convert to PFX, then install the PFX file.

https://github.com/jchristn/WatsonWebserver/blob/master/Documentation/OpenSSLCertificates.md

jchristn, Jun 22 '22 17:06
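
The workflow summarized in the comment above (CSR, certificate, merge the private key, convert to PFX), as an added example that is not taken from the issue or from the linked document. The password is a constructed placeholder, a self-signed certificate stands in for the one a CA would issue from the CSR, and `make_pfx` and `pfx_has_matching_key` are hypothetical helper names; the second helper confirms that the PFX carries the private key matching its certificate before it is imported.

```shell
#!/bin/sh
# Added example: CSR -> certificate -> PFX with the private key merged in.
set -e

CN="www.demo.com"        # subject used by the binding resource in the issue
PFX_PASS="example-only"  # constructed placeholder, not a real secret

# make_pfx DIR: run the whole workflow inside DIR, producing DIR/site.pfx.
make_pfx() {
  # 1. Generate the private key and the CSR together; the key stays in DIR.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$CN" \
    -keyout "$1/key.pem" -out "$1/req.csr" 2>/dev/null
  # 2. Stand-in for the CA (assumption): self-sign the CSR for 30 days.
  openssl x509 -req -in "$1/req.csr" -signkey "$1/key.pem" -days 30 \
    -out "$1/cert.pem" 2>/dev/null
  # 3. Merge key and certificate into one password-protected PFX.
  openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
    -out "$1/site.pfx" -passout "pass:$PFX_PASS"
}

# pfx_has_matching_key FILE: succeed only if FILE holds a private key whose
# public half equals the public key of the certificate stored beside it.
pfx_has_matching_key() {
  key_pub=$(openssl pkcs12 -in "$1" -passin "pass:$PFX_PASS" -nocerts -nodes \
    2>/dev/null | openssl pkey -pubout 2>/dev/null) || return 1
  crt_pub=$(openssl pkcs12 -in "$1" -passin "pass:$PFX_PASS" -nokeys \
    2>/dev/null | openssl x509 -pubkey -noout 2>/dev/null) || return 1
  [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Demonstration run in a scratch directory.
work=$(mktemp -d)
make_pfx "$work"
if pfx_has_matching_key "$work/site.pfx"; then
  echo "site.pfx: private key present and matches the certificate"
else
  echo "site.pfx: no usable private key" >&2
fi
```

A PFX exported without the key (for example with `openssl pkcs12 -export -nokeys`) fails the same check, which makes it a useful gate before the file is handed to the import step.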