We help IT Professionals succeed at work.

SSL:  Can't Access https:// pages.

Medium Priority
2,452 Views
Last Modified: 2012-08-14
I've been struggling with this for the last 10+ hours and finally have just run out of ideas.

I have an SSL Certificate I bought from GoDaddy.com.  I have installed the certificate as per their instructions, and after calling them with this issue, I have even verified the certificate with a re-cert.  I can view the certificate information under DirectorySecurity (I'm usin IIS 6 by the way)

Basically the issue is that I can access my website via http://, but once I try to access via https://, I get an error saying that the page cannot be viewed.

I have done a port scan to ensure that port 443 is open.  I have verified that 443 is allowed by the firewall.

I have only one website on this dedicated server.  In the website are two virtual directories.  As per another E-E thread, I disabled BOTH of them, attempting ONLY to access default.htm.  Still no luck.  There is something I'm missing, but I have no idea what it is.  Thanks for any help!

David
Comment
Watch Question

CERTIFIED EXPERT
Top Expert 2006

Commented:
have you checked this ssl website using any other browser than IE?

Author

Commented:
Doesn't work in Firefox either.

It gives the following error:

"The connection to mysite.com has terminated unexpectedly.  Some data may have been transferred."
CERTIFIED EXPERT
Top Expert 2006

Commented:
In Firefox that error is a general one.
try this and view the site again and see if you are getting any other error message

enterabout:config in the address bar - go down to:
browser.xul.error_pages.enabled
change it to true.

Author

Commented:
I changed that value, but still get the same error message (although it's not in a popup this time) and it gives me a link to retry.

If you want to take a look at it yourself, it's www.orbussystems.com

CERTIFIED EXPERT
Top Expert 2006

Commented:
there is a tool called ssldiag which is coming along with the IIS resource kit. try with that to check the problem
CERTIFIED EXPERT
Top Expert 2006

Commented:
once again go through all the steps as mentioned in this article
http://support.microsoft.com/default.aspx?scid=kb;en-us;299875#EMABAAA

Author

Commented:
Where can I find it?

Author

Commented:
I followed all those steps.  Still same problem.  Everything seems to be going just great until I try to access the page.  Then I get the "This page cannot be displayed" error message...
CERTIFIED EXPERT
Top Expert 2006

Commented:

Author

Commented:
Here is the SSL Diag printout:

System time: Thu, 06 Apr 2006 00:47:08 GMT
ModuleFileName: C:\Program Files\IIS Resources\SSLDiag\SSLDiag.exe
OS: Windows 2003 Service Pack 1
IIS6 - World Wide Web Publishing (W3SVC) service is installed

[ HKLM\System\CurrentControlSet\Services\HTTPFilter ]
ImagePath = C:\WINDOWS\system32\lsass.exe
Parameters\CertChainCacheOnlyUrlRetrieval = True(default)
strmfilt.dll loaded into process 804 (lsass.exe)
strmfilt.dll loaded into process 2988 (w3wp.exe)

[ SChannel Info ]
ServerCacheEntries = 0
ServerActiveEntries = 0
ServerHandshakes = 0
ServerReconnects = 0
CacheSize = 10000

[ W3SVC/374365282 ]
ServerComment = Orbus Subrogation Systems
ServerAutoStart = True
ServerState = Server started
#Could not impersonate server account
SSLCertHash = 5f 75 58 0a 76 99 83 c6 ae b5 bc 4e 75 88 a4 33 b2 35 fc bf
SSLStoreName = MY
#CertName = www.orbussystems.com
#WARNING: You have a private key that corresponds to this certificate but CryptAcquireCertificatePrivateKey failed
#Subject: O=www.orbussystems.com, OU=Domain Control Validated, CN=www.orbussystems.com
#Issuer: C=US, S=Arizona, L=Scottsdale, O="Starfield Technologies, Inc.", OU=http://www.starfieldtech.com/repository, CN=Starfield Secure Certification Authority, E=practices@starfieldtech.com
#Validity: From 4/4/2006 7:36:12 AM To 4/4/2007 7:36:12 AM
SecureBindings = 206.225.91.84:443:

[ W3SVC/374365282/root ]
AccessSSLFlags = 0 (0x0)

[ W3SVC/374365282/root/Orbus ]
AccessSSLFlags = 264 (0x108)
#WARNING:AccessSSL = True (resource inaccessible due to SSL does not work on this website)
#WARNING:AccessSSL128 = True (resource inaccessible due to SSL does not work on this website)
AccessSSLNegotiateCert = False
AccessSSLRequireCert = False
AccessSSLMapCert = False

Author

Commented:
#WARNING: You have a private key that corresponds to this certificate but CryptAcquireCertificatePrivateKey failed

What does this mean?
CERTIFIED EXPERT
Top Expert 2006

Commented:
Did you correctly install the Server Certificate with its Private Key.
how many ips you have in that server?make sure that you not are trying to share the same IP with two sites, one with SSL.
can you export the certificate to some other server and check if its working there?
SOLVED:

1.Set the correct permission for Machinekey folder C:\Documents and
Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys

2.Add administrator and system Full Control Permissions.

3.Restart IIS

AND IT FREAKING WORKS!

Thanks trying man!

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
CERTIFIED EXPERT
Top Expert 2006

Commented:
message indicate a problem with the permissions on the machineKeys  folder

check this one
http://www.developmentnow.com/g/59_2003_12_0_0_271728/IIS-5-SSL-stopped-working.htm
CERTIFIED EXPERT
Top Expert 2006

Commented:
ok great to know that your problem is solved :-)
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.