I moved my Windows 10 Boot M.2 SSD Drive from my laptop to a mini PC. All went well with new drivers and all, except the SSL Certificates seem to be messed up. I get a hundred Event ID 15300 and 15301 warnings every time I boot up. All Google searches say to ignore those ID warnings but I get hundreds of them. I tried deleting my certificates but they just relist and it doesn’t change anything. I am out of my league. I want to clean up my SSL Certificates but don’t know what to do. Help please?
Certificate bindings on Windows are generally a hash value (thumbprint) that in turn corresponds to a public certificate in the Local Machine certificate store (which is a bunch of registry settings), and a corresponding secured private key for each certificate, which is then associated to an IP:port combination. If the certificate is deleted or can’t be read, or the private key is no longer accessible, then the service that tries to use them (via SChannel) will fail to use that cert. Things that can cause catastrophic certificate access problems include forcing access to the administrator account or resetting the Local System keys (I’d imagine changing to a different machine means you lose TPM module settings).
The fix is to have new working certificates and update your bindings that are using the old certificates. If you have IIS installed on your machine, then most of the bindings will be things you can change using IIS Manager (select a site and edit the bindings, then change the https bindings to a working certificate).
The other place to look for bindings is using
netsh http show sslcert
which can reveal hidden bindings such as default IP bindings or service ports you didn’t know you were using. You may want to pipe that output to a file to read through, e.g.
netsh http show sslcert > C:\temp\bindings.txt
You can delete bindings you’re not using or update them to new working certificate thumbprints.
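One way to see which bindings are actually broken, as an added example that is not part of the original posts: this PowerShell script parses the output of netsh http show sslcert and checks each binding's thumbprint against the Local Machine certificate store and its private key. It assumes English-language netsh output and an elevated PowerShell session; the variable names and status strings are illustrative.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# Assumes English netsh output (field labels are matched by name).
$bindings = @()
$current  = $null
foreach ($line in (netsh http show sslcert)) {
    if ($line -match '^\s*(IP:port|Hostname:port)\s+:\s+(\S+)') {
        # Start of a new binding block; store defaults to My when netsh shows (null)
        $current = @{ Endpoint = $Matches[2]; Thumbprint = $null; Store = 'My' }
        $bindings += $current
    } elseif ($current -and $line -match '^\s*Certificate Hash\s+:\s+([0-9A-Fa-f]+)') {
        $current.Thumbprint = $Matches[1].ToUpper()
    } elseif ($current -and $line -match '^\s*Certificate Store Name\s+:\s+(\w+)') {
        $current.Store = $Matches[1]
    }
}

$x509 = 'System.Security.Cryptography.X509Certificates'
$report = foreach ($b in $bindings) {
    $cert = $null
    if ($b.Thumbprint) {
        # Look the thumbprint up in the store the binding points at
        $path = "Cert:\LocalMachine\$($b.Store)\$($b.Thumbprint)"
        $cert = Get-Item $path -ErrorAction SilentlyContinue
    }
    $status = if (-not $b.Thumbprint) { 'Binding has no certificate hash' }
        elseif (-not $cert)               { 'Certificate not found in store' }
        elseif (-not $cert.HasPrivateKey) { 'Certificate has no private key' }
        elseif ($cert.NotAfter -lt (Get-Date)) { 'Certificate expired' }
        else {
            try {
                # HasPrivateKey only says a key is referenced; opening it
                # shows whether the current (admin) account can reach it.
                $rsa = ($x509 + '.RSACertificateExtensions' -as [type])::GetRSAPrivateKey($cert)
                $ec  = ($x509 + '.ECDsaCertificateExtensions' -as [type])::GetECDsaPrivateKey($cert)
                if ($rsa -or $ec) { 'OK' } else { 'Private key could not be opened' }
            } catch { "Private key unreadable: $($_.Exception.Message)" }
        }
    [pscustomobject]@{
        Endpoint   = $b.Endpoint
        Store      = $b.Store
        Thumbprint = $b.Thumbprint
        Subject    = $cert.Subject
        Status     = $status
    }
}
$report | Format-Table -AutoSize -Wrap
```

Any row whose Status is not OK is a binding to update to a working certificate thumbprint or delete, as described above.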
Thank you very much! It sounds like you know this stuff. It seems out of my league. Can I hire you to do this fix remotely? Or, if not, can you recommend someone who could do this?
Thanks, no, unfortunately my time is taken up with https://certifytheweb.com - you could maybe get a local IT firm to help but I recommend spending the time to try to resolve this yourself with judicious googling.
Those netsh commands I pointed you to would be run using the Windows Command Prompt, run as administrator (Windows key > type cmd to search, right-click the Command Prompt app and choose Run as Administrator).
Thanks kindly. I don’t think I could cause too much damage if I make a mistake.