Solved

SSL will no longer work after migration

Posted on 2004-08-04
Last Modified: 2013-12-04
I transferred a web site from one Windows 2000 box running IIS 5.0 to another running the same software. I used the Microsoft Management Console to export the site's SSL certificate to a .pfx file. I then imported that .pfx file into the new box also using MMC. Finally I assigned that certificate to the website in IIS.

IIS says that the certificate is valid and that my private key corresponds. However, when I go to the site over the Internet, I get a "Page Not Found" error whenever I use https://. This didn't happen on the old server.

I've tried everything:

1. I made sure that port 443 was indicated for SSL in the website's properties.
2. I stopped and started both the web site, IIS and Web Services
3. I uninstalled and reinstalled sspifilt.dll on the server
4. I rebooted the machine.
5. I uninstalled and re-installed the certificate AND test certificates available from Thawte.

Nothing works.

What other things should I check to get this working? Thanks for any help. I need it urgently.
0
Question by:cbeaudry1
19 Comments
 
LVL 7

Expert Comment

by:msice
ID: 11717905
Did you make sure to require SSL on the site under security at the bottom? If not, https will provide that error.
0
 
LVL 7

Expert Comment

by:msice
ID: 11717972
Also, if you changed the computer, did you change the IP address? If so, the router might need to be changed to point to the new webserver's IP address for port 443.
0
 
LVL 7

Expert Comment

by:msice
ID: 11717988
Or just use the old webserver's IP address for the new webserver.
0
 

Author Comment

by:cbeaudry1
ID: 11718051
The IP address was unbound from the first server and then bound again to the new server. The site shows up normally without SSL. Secured connections should not be required to access the entire site. Only the ordering process needs it. In the site's properties (IIS5.0), there is no check box to "require" SSL. The only field in the website tab refers to the SSL's port number and that's set to 443.
0
 
LVL 7

Expert Comment

by:msice
ID: 11718095
In IIS right click the folder that requires the SSL "the ordering process folder" and go to Properties. Select the Directory Security tab. At the bottom click edit and require SSL.
0
 

Author Comment

by:cbeaudry1
ID: 11718208
The ordering process is already forced through a secured layer by VBscript through an include on those particular pages. The problem is that the SSL doesn't work at all on the site. http://www.site.com shows up but https://www.site.com does not even though it did on the old server. The certificate is the same, and so are the settings. The only difference between the two is that the new server also runs SQL and Cold Fusion.
0
 
LVL 7

Expert Comment

by:msice
ID: 11718265
In IIS right click the site that requires the SSL and go to Properties. Select the Directory Security tab. At the bottom click server certificate and go through the setup; if you have done this, click edit and require SSL. If you haven't done these steps the SSL is not turned on for the site!
0
 

Author Comment

by:cbeaudry1
ID: 11718751
That check box requires that all connections be done through SSL. If that box is checked, then all users are forced to view the site through https://. This is not required for this site. The SSL should be accessible through links that include https:// but it isn't. That check box is only used when all pages must be displayed through the SSL.

Just for the heck of it, I did check the box. When I went to the homepage without a secured connection, an error appeared saying that the page could only be viewed through SSL. Because SSL doesn't work, the page didn't display. Again, that check box is only used to force users to see the site through SSL, not to activate SSL itself.
0
 
LVL 7

Expert Comment

by:msice
ID: 11718783
You either use SSL in a given folder or you don't, not both! So look at where the https links are pointing to (what folder) and in IIS right click that folder that requires the SSL "probably the ordering process folder" and go to Properties. Select the Directory Security tab. At the bottom click edit and require SSL for that folder.
0
 
LVL 7

Expert Comment

by:msice
ID: 11718809
Oh, you can also do this for individual files, so if there is an order.htm file or something like that, you can set just that file for SSL using the same process except the tab is called File Security.
0
 
LVL 7

Expert Comment

by:msice
ID: 11718979
This is from this site http://www.microsoft.com/windows2000/en/server/iis/htm/core/iiectsc.htm?id=97

To enable client certificates

1. In the Internet Information Services snap-in, select a Web site, directory, or file, and open its property sheets.
2. If you have not previously obtained a server certificate, select the Directory Security property sheet, under Secure Communications, click Server Certificate. For more information, see Using the New Security Task Wizards.
3. If you have previously obtained a server certificate, select the Directory Security or File Security property sheet, then under Secure Communications, click Edit.
4. In the Secure Communications dialog box, select the Require secure channel (SSL) check box. Requiring a secure channel means that user cannot connect to this site without using a secure link (that is, the link's URL must begin with https://).
5. Under Client certificates select one of the following to enable client certificate authentication:
   Accept client certificates: Users can access the resource with a client certificate, but the certificate is not required.
   Require client certificates: The server will request a client certificate before connecting the user to the resource. Users without a valid client certificate will be denied access.
   Ignore client certificates: Users with or without a client certificate will be granted access.
0
 
LVL 7

Expert Comment

by:msice
ID: 11719099
Maybe it was set to "Ignore client certificates" - Users with or without a client certificate will be granted access. On the old Site.
0
 
LVL 7

Expert Comment

by:msice
ID: 11719106
Can you look at the old server's IIS properties?
0
 

Author Comment

by:cbeaudry1
ID: 11719144
The properties are set the same and are set to "ignore"
0
 
LVL 9

Expert Comment

by:jdeclue
ID: 11719204
You should try importing the certificate through mmc. This is how I do it on IIS 5 and 6, and it always works.

http://searchsupport.verisign.com/content/kb/vs27348.html
0
 

Author Comment

by:cbeaudry1
ID: 11719377
Problem solved. It had nothing to do with either IIS or the certificate itself. After we dug through all the processes, we discovered that a piece of software called DigiChat was using port 443 even though it's not supposed to. Once we shut down the Java chat server and rebooted, the SSL started functioning.
0
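A way to tell this kind of port conflict apart from a certificate or IIS problem, as an added example that is not part of the original thread: the probe below connects to a port and reports whether nothing is listening, something is listening but does not speak TLS, or a TLS handshake completes. The names `probe_port` and `start_plain_listener` are hypothetical, and the plain-text listener is a constructed stand-in for a non-TLS service occupying the HTTPS port.

```python
import socket
import ssl
import threading


def probe_port(host, port, timeout=3.0):
    """Classify the listener on host:port: 'closed', 'open-not-tls' or 'tls'."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"  # nothing accepted the TCP connection
    # Diagnostic only: the question is whether a handshake completes at all,
    # so certificate validation is deliberately off for this probe.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "tls"
    except (ssl.SSLError, OSError):
        return "open-not-tls"  # a listener answered, but not with TLS
    finally:
        raw.close()


def start_plain_listener():
    """Constructed stand-in for a non-TLS service occupying the HTTPS port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # ephemeral port, so no privileges needed
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        conn.sendall(b"CHAT SERVER READY\r\n")  # plain-text banner, not TLS
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    print(probe_port("127.0.0.1", start_plain_listener()))
```

A result of `open-not-tls` on port 443 while IIS reports a valid certificate is consistent with another process holding the port.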
 
LVL 9

Expert Comment

by:jdeclue
ID: 11719482
Good Catch ;)

J
0
 

Accepted Solution

by:
CetusMOD earned 0 total points
ID: 12623226
Question PAQ'd
500 points refunded.

CetusMOD
Community Support Moderator
0
