0

Below error prevents deployment of my web application on IIS.

Exact error msg:

2023-01-10T09:37:12.3948952Z ##[command]"netsh" http show sslcert ipport=0.0.0.0:460
2023-01-10T09:37:12.4640383Z ##[command]"netsh" http add sslcert ipport=0.0.0.0:460 certhash=*** appid={2f458-f070-403b-bb53-5e35ff05701} certstorename=MY
2023-01-10T09:37:12.4983107Z 
2023-01-10T09:37:12.4983504Z SSL Certificate add failed, Error: 183
2023-01-10T09:37:12.4988896Z Cannot create a file when that file already exists.

I tried as mentioned in few of stack overflow answers.

In Netsh, I tried deleting the old certificate if already bounded, but says deletion failed, and cant find file.

netsh>http delete sslcert ipport=0.0.0.0:460

SSL Certificate deletion failed, Error: 2
The system cannot find the file specified.

Would appreciate your help. Thanks.

st27
  • 9
  • 1
  • 6
  • As only IIS 8 and above is supported by Microsoft, you should try very best to avoid adding IP based certificate mappings. Stick to SNI based mappings please, https://docs.jexusmanager.com/tutorials/https-binding.html#sni-based-bindings – Lex Li Jan 10 '23 at 15:58
  • @LexLi A new certificate was created by IT recently (for my web application). I believe they have done IP based mapping. This is my first deployment after the new certificate, which results in this error. With old certificate, the deployment was fine. I would appreciate if you could let me know how I can proceed in this scenario. – st27 Jan 10 '23 at 21:31
  • You can ignore the old IP based mapping and add SNI based mappings. The latter takes higher priority so should work flawlessly for you. – Lex Li Jan 10 '23 at 23:50

1 Answers1

0

About adding an SSL certificate, you can refer to netsh-http#add-sslcert and netsh-http#delete-sslcert. There are examples in the documentation for reference.

"The system cannot find the file specified." means that there weren't certificates bound to these ports. You can Configure a Port with an SSL Certificate. You can also refer to this similar answer

certhash=***. The certhash parameter specifies the thumbprint of the certificate. Retrieve the Thumbprint of a Certificate

TengFeiXie
  • 176
  • 5