HttpSetServiceConfiguration

  • Question

  • Hello,

    I am trying to bind a certificate to an IP address and port programmatically using HttpSetServiceConfiguration, but I keep getting the error code ERROR_INVALID_HANDLE - The handle is invalid (6). I've stepped through my code and the certificate seems to be found OK, and all the values of the HTTP_SERVICE_CONFIG_SSL_SET struct are set and populated. Can anyone see any problems with the following code? I am using C# with .NET 3.5 SP1 and Visual Studio 2008 on Windows XP SP2. I have a tool that adds the binding, and it works fine; only my code doesn't work. I'm sure it's something silly. Any help would be greatly appreciated.

    Code Snippet

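    // Binds the "CN=CBAM" certificate from the LocalMachine\My store to 127.0.0.1:8000
    // through HttpSetServiceConfiguration (HttpServiceConfigSSLCertInfo).
    //
    // NOTE(review): the native HTTP Server API documents that HttpInitialize must be
    // called with the HTTP_INITIALIZE_CONFIG flag before HttpSetServiceConfiguration
    // (and HttpTerminate afterwards). No such call is visible in this snippet; confirm
    // it happens elsewhere, since a missing one is a plausible source of the
    // ERROR_INVALID_HANDLE (6) result.

    // Look the certificate up by subject name.
    // NOTE(review): an exact Subject match does not show that the certificate is inside
    // its validity period or has a private key; selecting by a known thumbprint and
    // checking HasPrivateKey would be a tighter choice - confirm what is intended.
    X509Certificate2 cbamCertificate = null;
    X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
    store.Open(OpenFlags.ReadOnly);
    try
    {
        foreach (X509Certificate2 certificate in store.Certificates)
        {
            if (certificate.Subject == "CN=CBAM")
            {
                cbamCertificate = certificate;
                break;
            }
        }
    }
    finally
    {
        // Close the store even when enumeration throws.
        store.Close();
    }

    // Stop here when nothing matched, instead of asking an empty certificate object
    // for its hash and registering a binding that has no certificate behind it.
    if (cbamCertificate == null)
    {
        throw new InvalidOperationException(
            "Certificate with subject CN=CBAM was not found in the LocalMachine\\My store.");
    }

    SslConfigurationItem sslConfigItem = new SslConfigurationItem();
    sslConfigItem.IPAddress = IPAddress.Parse("127.0.0.1");
    // NOTE(review): a fresh GUID on every run means the binding's AppId does not
    // identify this application consistently; a fixed application GUID is the usual
    // choice - confirm.
    sslConfigItem.AppId = Guid.NewGuid();
    sslConfigItem.Port = 8000;
    sslConfigItem.CertStoreName = "MY";
    sslConfigItem.Hash = cbamCertificate.GetCertHash();
    sslConfigItem.RevocationFreshnessTime = 0;
    sslConfigItem.RevocationUrlRetrievalTimeout = 0;

    HttpApi.HTTP_SERVICE_CONFIG_SSL_SET sslStruct = new HttpApi.HTTP_SERVICE_CONFIG_SSL_SET();
    IntPtr pStruct = IntPtr.Zero;
    bool structMarshalled = false;
    int error;

    try
    {
        // 2 is the value of AF_INET in Winsock; presumably the address-family
        // argument - confirm against BuildSockaddr.
        // NOTE(review): whether the buffer returned by BuildSockaddr has to be released
        // by the caller cannot be told from this snippet.
        sslStruct.KeyDesc.pIpPort = HttpApi.BuildSockaddr(2, sslConfigItem.Port, sslConfigItem.IPAddress);

        if (sslConfigItem.Hash != null)
        {
            // The certificate hash is handed to the API as an unmanaged byte buffer.
            sslStruct.ParamDesc.pSslHash = Marshal.AllocHGlobal(sslConfigItem.Hash.Length);
            Marshal.Copy(sslConfigItem.Hash, 0, sslStruct.ParamDesc.pSslHash, sslConfigItem.Hash.Length);
            sslStruct.ParamDesc.SslHashLength = sslConfigItem.Hash.Length;
        }

        sslStruct.ParamDesc.AppId = sslConfigItem.AppId;
        sslStruct.ParamDesc.pSslCertStoreName = sslConfigItem.CertStoreName;
        sslStruct.ParamDesc.RevocationFreshnessTime = sslConfigItem.RevocationFreshnessTime;
        sslStruct.ParamDesc.RevocationUrlRetrievalTimeout = sslConfigItem.RevocationUrlRetrievalTimeout;
        sslStruct.ParamDesc.pSslCtlIdentifier = string.Empty;
        sslStruct.ParamDesc.pSslCtlStoreName = string.Empty;
        // NOTE(review): 0 for Flags and CertCheckMode presumably selects the API
        // defaults - confirm against the HTTP_SERVICE_CONFIG_SSL_PARAM documentation.
        sslStruct.ParamDesc.Flags = 0;
        sslStruct.ParamDesc.CertCheckMode = 0;

        pStruct = Marshal.AllocHGlobal(Marshal.SizeOf(sslStruct));
        Marshal.StructureToPtr(sslStruct, pStruct, false);
        structMarshalled = true;

        error = HttpApi.HttpSetServiceConfiguration(
            IntPtr.Zero,
            HttpApi.HTTP_SERVICE_CONFIG_ID.HttpServiceConfigSSLCertInfo,
            pStruct,
            Marshal.SizeOf(sslStruct),
            IntPtr.Zero);
    }
    finally
    {
        // Release the unmanaged buffers once the call has returned (or failed); the
        // original snippet never freed them. Pointers are reset so that a later free
        // of the same variable is a no-op rather than a double free.
        if (pStruct != IntPtr.Zero)
        {
            if (structMarshalled)
            {
                // Frees whatever StructureToPtr allocated for marshalled fields.
                Marshal.DestroyStructure(pStruct, typeof(HttpApi.HTTP_SERVICE_CONFIG_SSL_SET));
            }

            Marshal.FreeHGlobal(pStruct);
            pStruct = IntPtr.Zero;
        }

        if (sslStruct.ParamDesc.pSslHash != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(sslStruct.ParamDesc.pSslHash);
            sslStruct.ParamDesc.pSslHash = IntPtr.Zero;
        }
    }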

     

     

    Monday, December 22, 2008 11:31 PM

All replies