5

I am using the following netsh command successfully:

netsh http add sslcert ipport=127.0.0.1:9000 appid={7B8DB713-2C51-41B5-AE6F-6DAA07833DBE} certhash=69fed34fdf164e7feac5e17823b94d0f30ab05c5

but when I change the "ipport=..." to "hostnameport" it doesn't work:

netsh http add sslcert hostnameport=localhost:9000 appid={7B8DB713-2C51-41B5-AE6F-6DAA07833DBE} certhash=69fed34fdf164e7feac5e17823b94d0f30ab05c5

I get the following error: SSL Certificate add failed, Error: 87 The parameter is incorrect.

This is the ONLY THING I've changed in the command. I am still running as administrator, same exact command prompt. Why am I getting this error?

Improve this question

1 Answer 1

Reset to default
11

The problem is a bug in the netsh command. When using "hostnameport" you must also add the "certstorename=MY" parameter. This is the default value for certstorename, and it is explicitly documented as optional. So my new command is:

netsh http add sslcert hostnameport=localhost:9000 appid={7B8DB713-2C51-41B5-AE6F-6DAA07833DBE} certhash=69fed34fdf164e7feac5e17823b94d0f30ab05c5 certstorename=MY
Improve this answer
1
  • 1
    Reading the content of the ? command, it does state that certstorename is required for hostname configurations. Seems arbitrary, and thanks to your searching I found what I needed. The help docs: certstorename - Store name for the certificate. Required for Hostname based configurations. Defaults to MY for IP based configurations. Certificate must be stored in the local machine context.
    – Tyler StandishMan
    Commented Jul 7, 2022 at 20:06

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .