Solved

SSL will no longer work after migration

Posted on 2004-08-04
Last Modified: 2013-12-04
I transferred a web site from one Windows 2000 box running IIS 5.0 to another running the same software. I used the Microsoft Management Console to export the site's SSL certificate to a .pfx file. I then imported that .pfx file into the new box also using MMC. Finally I assigned that certificate to the website in IIS.

IIS says that the certificate is valid and that my private key corresponds. However, when I go to the site over the Internet, I get a "Page Not Found" error whenever I use https://. This didn't happen on the old server.

I've tried everything:

1. I made sure that port 443 was indicated for SSL in the website's properties.
2. I stopped and started both the web site, IIS and Web Services
3. I uninstalled and reinstalled sspifilt.dll on the server
4. I rebooted the machine.
5. I uninstalled and re-installed the certificate AND test certificates available from Thawte.

Nothing works.

What other things should I check to get this working? Thanks for any help. I need it urgently.
Question by:cbeaudry1
19 Comments
 
LVL 7

Expert Comment

by:msice
ID: 11717905
Did you make sure to require SSL on the site under security at the bottom? If not, https will provide that error.
0
 
LVL 7

Expert Comment

by:msice
ID: 11717972
Also, if you changed the computer, did you change the IP address? If so, the router might need to be changed to point to the new webserver's IP address for port 443.
0
 
LVL 7

Expert Comment

by:msice
ID: 11717988
Or just use the old webserver's IP address for the new webserver.
0
 

Author Comment

by:cbeaudry1
ID: 11718051
The IP address was unbound from the first server and then bound again to the new server. The site shows up normally without SSL. Secured connections should not be required to access the entire site. Only the ordering process needs it. In the site's properties (IIS5.0), there is no check box to "require" SSL. The only field in the website tab refers to the SSL's port number and that's set to 443.
0
 
LVL 7

Expert Comment

by:msice
ID: 11718095
In IIS right click the folder that requires the SSL "the ordering process folder" and go to Properties. Select the Directory Security tab. At the bottom click edit and require SSL.
0
 

Author Comment

by:cbeaudry1
ID: 11718208
The ordering process is already forced through a secured layer by VBscript through an include on those particular pages. The problem is that the SSL doesn't work at all on the site. http://www.site.com shows up but https://www.site.com does not even though it did on the old server. The certificate is the same, and so are the settings. The only difference between the two is that the new server also runs SQL and Cold Fusion.
0
 
LVL 7

Expert Comment

by:msice
ID: 11718265
In IIS right click the site that requires the SSL and go to Properties. Select the Directory Security tab. At the bottom click server certificate and go through the setup. If you have done this, click edit and require SSL. If you haven't done these steps the SSL is not turned on for the site!
0
 

Author Comment

by:cbeaudry1
ID: 11718751
That check box requires that all connections be done through SSL. If that box is checked, then all users are forced to view the site through https://. This is not required for this site. The SSL should be accessible through links that include https:// but it isn't. That check box is only used when all pages must be displayed through the SSL.

Just for the heck of it, I did check the box. When I went to the homepage without a secured connection, an error appeared saying that the page could only be viewed through SSL. Because SSL doesn't work, the page didn't display. Again, that check box is only used to force users to see the site through SSL, not to activate SSL itself.
0
 
LVL 7

Expert Comment

by:msice
ID: 11718783
You either use SSL in a given folder or you don't, not both! So look at where the https links are pointing to (what folder) and in IIS right click that folder that requires the SSL "probably the ordering process folder" and go to Properties. Select the Directory Security tab. At the bottom click edit and require SSL for that folder.
0
 
LVL 7

Expert Comment

by:msice
ID: 11718809
Oh, you can also do this for individual files, so if there is an order.htm file or something like that, you can set just that file for SSL using the same process except the tab is called File Security.
0
 
LVL 7

Expert Comment

by:msice
ID: 11718979
This is from this site http://www.microsoft.com/windows2000/en/server/iis/htm/core/iiectsc.htm?id=97

To enable client certificates

1. In the Internet Information Services snap-in, select a Web site, directory, or file, and open its property sheets.
2. If you have not previously obtained a server certificate, select the Directory Security property sheet, under Secure Communications, click Server Certificate. For more information, see Using the New Security Task Wizards.
3. If you have previously obtained a server certificate, select the Directory Security or File Security property sheet, then under Secure Communications, click Edit.
4. In the Secure Communications dialog box, select the Require secure channel (SSL) check box. Requiring a secure channel means that user cannot connect to this site without using a secure link (that is, the link's URL must begin with https://).
5. Under Client certificates select one of the following to enable client certificate authentication:
   Accept client certificates: Users can access the resource with a client certificate, but the certificate is not required.
   Require client certificates: The server will request a client certificate before connecting the user to the resource. Users without a valid client certificate will be denied access.
   Ignore client certificates: Users with or without a client certificate will be granted access.
0
 
LVL 7

Expert Comment

by:msice
ID: 11719099
Maybe it was set to "Ignore client certificates" - Users with or without a client certificate will be granted access. On the old Site.
0
 
LVL 7

Expert Comment

by:msice
ID: 11719106
Can you look at the old server's IIS properties?
0
 

Author Comment

by:cbeaudry1
ID: 11719144
The properties are set the same and are set to "ignore"
0
 
LVL 9

Expert Comment

by:jdeclue
ID: 11719204
You should try importing the certificate through mmc. This is how I do it on IIS 5 and 6, and it always works.

http://searchsupport.verisign.com/content/kb/vs27348.html
0
 

Author Comment

by:cbeaudry1
ID: 11719377
Problem solved. It had nothing to do with either IIS or the certificate itself. After we dug through all the processes, we discovered that a piece of software called DigiChat was using port 443 even though it's not supposed to. Once we shut down the Java chat server and rebooted, the SSL started functioning.
0
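
The root cause found in this thread, another service holding port 443, is invisible in every IIS and certificate dialog. As an added example (not code from the thread or from any poster), this Python code checks locally whether a port is already bound and, from the client side, whether whatever answers on it speaks TLS at all; the function names and the plaintext `start_plain_listener` stand-in are constructed for illustration.

```python
import errno
import socket
import ssl
import threading

def port_is_taken(host, port):
    """Local check: True if another process already holds host:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as probe:
        try:
            probe.bind((host, port))
        except OSError as exc:
            if exc.errno != errno.EADDRINUSE:
                raise              # e.g. no privilege to bind a low port
            return True
    return False

def classify_listener(host, port, timeout=3.0):
    """Remote check: 'closed', 'tls' or 'not-tls' for whatever answers."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # diagnostic only: the question here is
    ctx.verify_mode = ssl.CERT_NONE  # "is this TLS?", not "is it trusted?"
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "tls"
    except (ssl.SSLError, OSError):
        return "not-tls"             # plaintext banner, reset or timeout
    finally:
        raw.close()

def start_plain_listener(banner=b"CHAT SERVER READY\r\n"):
    """Constructed stand-in for a non-web service occupying the HTTPS port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))       # ephemeral port: no privileges needed
    srv.listen(5)
    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return               # listener was closed
            with conn:
                conn.sendall(banner) # plaintext reply, never a TLS handshake
    threading.Thread(target=serve, daemon=True).start()
    return srv
```

Run on the server with the web service stopped, `port_is_taken("0.0.0.0", 443)` returning `True` means something other than IIS owns the port; from a client, `classify_listener("www.site.com", 443)` returning `"not-tls"` points the same way.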
 
LVL 9

Expert Comment

by:jdeclue
ID: 11719482
Good Catch ;)

J
0
 

Accepted Solution

by:
CetusMOD earned 0 total points
ID: 12623226
Question PAQ'd
500 points refunded.

CetusMOD
Community Support Moderator
0
