SSL: Can't Access https:// pages.

I've been struggling with this for the last 10+ hours and finally have just run out of ideas.

I have an SSL Certificate I bought from GoDaddy.com.  I have installed the certificate as per their instructions, and after calling them with this issue, I have even verified the certificate with a re-cert.  I can view the certificate information under DirectorySecurity (I'm usin IIS 6 by the way)

Basically the issue is that I can access my website via http://, but once I try to access via https://, I get an error saying that the page cannot be viewed.

I have done a port scan to ensure that port 443 is open.  I have verified that 443 is allowed by the firewall.

I have only one website on this dedicated server.  In the website are two virtual directories.  As per another E-E thread, I disabled BOTH of them, attempting ONLY to access default.htm.  Still no luck.  There is something I'm missing, but I have no idea what it is.  Thanks for any help!

David
brassmonkeyboyAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

dnojcdCommented:
have you checked this ssl website using any other browser than IE?
brassmonkeyboyAuthor Commented:
Doesn't work in Firefox either.

It gives the following error:

"The connection to mysite.com has terminated unexpectedly.  Some data may have been transferred."
dnojcdCommented:
In Firefox that error is a general one.
try this and view the site again and see if you are getting any other error message

enterabout:config in the address bar - go down to:
browser.xul.error_pages.enabled
change it to true.
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

brassmonkeyboyAuthor Commented:
I changed that value, but still get the same error message (although it's not in a popup this time) and it gives me a link to retry.

If you want to take a look at it yourself, it's www.orbussystems.com

dnojcdCommented:
there is a tool called ssldiag which is coming along with the IIS resource kit. try with that to check the problem
dnojcdCommented:
once again go through all the steps as mentioned in this article
http://support.microsoft.com/default.aspx?scid=kb;en-us;299875#EMABAAA
brassmonkeyboyAuthor Commented:
Where can I find it?
brassmonkeyboyAuthor Commented:
I followed all those steps.  Still same problem.  Everything seems to be going just great until I try to access the page.  Then I get the "This page cannot be displayed" error message...
brassmonkeyboyAuthor Commented:
Here is the SSL Diag printout:

System time: Thu, 06 Apr 2006 00:47:08 GMT
ModuleFileName: C:\Program Files\IIS Resources\SSLDiag\SSLDiag.exe
OS: Windows 2003 Service Pack 1
IIS6 - World Wide Web Publishing (W3SVC) service is installed

[ HKLM\System\CurrentControlSet\Services\HTTPFilter ]
ImagePath = C:\WINDOWS\system32\lsass.exe
Parameters\CertChainCacheOnlyUrlRetrieval = True(default)
strmfilt.dll loaded into process 804 (lsass.exe)
strmfilt.dll loaded into process 2988 (w3wp.exe)

[ SChannel Info ]
ServerCacheEntries = 0
ServerActiveEntries = 0
ServerHandshakes = 0
ServerReconnects = 0
CacheSize = 10000

[ W3SVC/374365282 ]
ServerComment = Orbus Subrogation Systems
ServerAutoStart = True
ServerState = Server started
#Could not impersonate server account
SSLCertHash = 5f 75 58 0a 76 99 83 c6 ae b5 bc 4e 75 88 a4 33 b2 35 fc bf
SSLStoreName = MY
#CertName = www.orbussystems.com
#WARNING: You have a private key that corresponds to this certificate but CryptAcquireCertificatePrivateKey failed
#Subject: O=www.orbussystems.com, OU=Domain Control Validated, CN=www.orbussystems.com
#Issuer: C=US, S=Arizona, L=Scottsdale, O="Starfield Technologies, Inc.", OU=http://www.starfieldtech.com/repository, CN=Starfield Secure Certification Authority, E=practices@starfieldtech.com
#Validity: From 4/4/2006 7:36:12 AM To 4/4/2007 7:36:12 AM
SecureBindings = 206.225.91.84:443:

[ W3SVC/374365282/root ]
AccessSSLFlags = 0 (0x0)

[ W3SVC/374365282/root/Orbus ]
AccessSSLFlags = 264 (0x108)
#WARNING:AccessSSL = True (resource inaccessible due to SSL does not work on this website)
#WARNING:AccessSSL128 = True (resource inaccessible due to SSL does not work on this website)
AccessSSLNegotiateCert = False
AccessSSLRequireCert = False
AccessSSLMapCert = False
brassmonkeyboyAuthor Commented:
#WARNING: You have a private key that corresponds to this certificate but CryptAcquireCertificatePrivateKey failed

What does this mean?
dnojcdCommented:
Did you correctly install the Server Certificate with its Private Key.
how many ips you have in that server?make sure that you not are trying to share the same IP with two sites, one with SSL.
can you export the certificate to some other server and check if its working there?
brassmonkeyboyAuthor Commented:
SOLVED:

1.Set the correct permission for Machinekey folder C:\Documents and
Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys

2.Add administrator and system Full Control Permissions.

3.Restart IIS

AND IT FREAKING WORKS!

Thanks trying man!

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
dnojcdCommented:
message indicate a problem with the permissions on the machineKeys  folder

check this one
http://www.developmentnow.com/g/59_2003_12_0_0_271728/IIS-5-SSL-stopped-working.htm
dnojcdCommented:
ok great to know that your problem is solved :-)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft IIS Web Server

From novice to tech pro — start learning today.