[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2344
  • Last Modified:

SSL: Can't Access https:// pages.

I've been struggling with this for the last 10+ hours and finally have just run out of ideas.

I have an SSL Certificate I bought from GoDaddy.com.  I have installed the certificate as per their instructions, and after calling them with this issue, I have even verified the certificate with a re-cert.  I can view the certificate information under DirectorySecurity (I'm usin IIS 6 by the way)

Basically the issue is that I can access my website via http://, but once I try to access via https://, I get an error saying that the page cannot be viewed.

I have done a port scan to ensure that port 443 is open.  I have verified that 443 is allowed by the firewall.

I have only one website on this dedicated server.  In the website are two virtual directories.  As per another E-E thread, I disabled BOTH of them, attempting ONLY to access default.htm.  Still no luck.  There is something I'm missing, but I have no idea what it is.  Thanks for any help!

David
0
brassmonkeyboy
Asked:
brassmonkeyboy
  • 8
  • 7
1 Solution
 
dnojcdCommented:
have you checked this ssl website using any other browser than IE?
0
 
brassmonkeyboyAuthor Commented:
Doesn't work in Firefox either.

It gives the following error:

"The connection to mysite.com has terminated unexpectedly.  Some data may have been transferred."
0
 
dnojcdCommented:
In Firefox that error is a general one.
try this and view the site again and see if you are getting any other error message

enterabout:config in the address bar - go down to:
browser.xul.error_pages.enabled
change it to true.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
brassmonkeyboyAuthor Commented:
I changed that value, but still get the same error message (although it's not in a popup this time) and it gives me a link to retry.

If you want to take a look at it yourself, it's www.orbussystems.com

0
 
dnojcdCommented:
there is a tool called ssldiag which is coming along with the IIS resource kit. try with that to check the problem
0
 
dnojcdCommented:
once again go through all the steps as mentioned in this article
http://support.microsoft.com/default.aspx?scid=kb;en-us;299875#EMABAAA
0
 
brassmonkeyboyAuthor Commented:
Where can I find it?
0
 
brassmonkeyboyAuthor Commented:
I followed all those steps.  Still same problem.  Everything seems to be going just great until I try to access the page.  Then I get the "This page cannot be displayed" error message...
0
 
brassmonkeyboyAuthor Commented:
Here is the SSL Diag printout:

System time: Thu, 06 Apr 2006 00:47:08 GMT
ModuleFileName: C:\Program Files\IIS Resources\SSLDiag\SSLDiag.exe
OS: Windows 2003 Service Pack 1
IIS6 - World Wide Web Publishing (W3SVC) service is installed

[ HKLM\System\CurrentControlSet\Services\HTTPFilter ]
ImagePath = C:\WINDOWS\system32\lsass.exe
Parameters\CertChainCacheOnlyUrlRetrieval = True(default)
strmfilt.dll loaded into process 804 (lsass.exe)
strmfilt.dll loaded into process 2988 (w3wp.exe)

[ SChannel Info ]
ServerCacheEntries = 0
ServerActiveEntries = 0
ServerHandshakes = 0
ServerReconnects = 0
CacheSize = 10000

[ W3SVC/374365282 ]
ServerComment = Orbus Subrogation Systems
ServerAutoStart = True
ServerState = Server started
#Could not impersonate server account
SSLCertHash = 5f 75 58 0a 76 99 83 c6 ae b5 bc 4e 75 88 a4 33 b2 35 fc bf
SSLStoreName = MY
#CertName = www.orbussystems.com
#WARNING: You have a private key that corresponds to this certificate but CryptAcquireCertificatePrivateKey failed
#Subject: O=www.orbussystems.com, OU=Domain Control Validated, CN=www.orbussystems.com
#Issuer: C=US, S=Arizona, L=Scottsdale, O="Starfield Technologies, Inc.", OU=http://www.starfieldtech.com/repository, CN=Starfield Secure Certification Authority, E=practices@starfieldtech.com
#Validity: From 4/4/2006 7:36:12 AM To 4/4/2007 7:36:12 AM
SecureBindings = 206.225.91.84:443:

[ W3SVC/374365282/root ]
AccessSSLFlags = 0 (0x0)

[ W3SVC/374365282/root/Orbus ]
AccessSSLFlags = 264 (0x108)
#WARNING:AccessSSL = True (resource inaccessible due to SSL does not work on this website)
#WARNING:AccessSSL128 = True (resource inaccessible due to SSL does not work on this website)
AccessSSLNegotiateCert = False
AccessSSLRequireCert = False
AccessSSLMapCert = False
0
 
brassmonkeyboyAuthor Commented:
#WARNING: You have a private key that corresponds to this certificate but CryptAcquireCertificatePrivateKey failed

What does this mean?
0
 
dnojcdCommented:
Did you correctly install the Server Certificate with its Private Key.
how many ips you have in that server?make sure that you not are trying to share the same IP with two sites, one with SSL.
can you export the certificate to some other server and check if its working there?
0
 
brassmonkeyboyAuthor Commented:
SOLVED:

1.Set the correct permission for Machinekey folder C:\Documents and
Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys

2.Add administrator and system Full Control Permissions.

3.Restart IIS

AND IT FREAKING WORKS!

Thanks trying man!
0
 
dnojcdCommented:
message indicate a problem with the permissions on the machineKeys  folder

check this one
http://www.developmentnow.com/g/59_2003_12_0_0_271728/IIS-5-SSL-stopped-working.htm
0
 
dnojcdCommented:
ok great to know that your problem is solved :-)
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 8
  • 7
Tackle projects and never again get stuck behind a technical roadblock.
Join Now