Cannot secure web folder on IIS 6 with SSL

Posted on 2009-12-16
Last Modified: 2013-11-18
Hey fellow experts, need some help with locking down the site. I inherited a support of a website and I am having an issue securing several folders on a website SSL. The site is running on Win2K3 standard, IIS 6 (obviously), service pack 2, latest hotfixes. No server hardening has been done yet. The underlying code is C#, .Net, both .net 2.0 and 1.1.4 are in use .

The website has a certificate that client obtained from GoDaddy. The certificate appears to be valid and I have both .p7b and .cer.cs  files. Obviously cert chain is included as part of p7b. I'm not a PKI expert, so my knowledge is somewhat spotty. I've installed the cert in personal store and that allowed me to configure the website with the certificate. When I select it - it shows that cert is available.

The main page is supposed to be open to public say, When customer hits the site, they have an option to log in as an admin or a client. This corresponds to /admin and /client sub-folders.  When I select directory security for and tell it to require SSL, 128bit and then remove basic and integrated authentication, the site does not come up. The log was showing 403 15 5 - so, I granted the IUSR_computername account read rights to the content folder and also made sure that document type was registered. However, still no luck.

I'd appreciate some thorough step-by-step advise on what to do to get the https: to work on /admin and /client folders.

Thanks in advance.
Question by:CynepMeH
    LVL 26

    Expert Comment

    by:Leon Fester
    Enable logging on the site and then view which pages are causing the error.
    Your site could be using frame so the url in your browser isn't really displaying the correct page with the error.

    P.S. did you try to navigate the site without SSL enabled?
    Do you get the same error?
    SSL should only really help with configuring the HTTPS protocol, thus enabling a secure channel.
    it doesn't really have anything to do with granting permissions to sites/folders.
    LVL 13

    Expert Comment

    Whats the actual error your seeing on the webpage?

    A http 403.15 error is:
    403.15 - Client Access Licenses exceeded.

    Is your log definatly showing 403 15   and not 403 1 5  (eg with a space?)

    Could there be a licensing issue with the web application?

    LVL 11

    Accepted Solution

    So, I found the solution to the issue. Several things:

    I ran Microsoft SSL Diagnostics tool - that showed that the cert was invalid and that it could not validate it. I found out the hard way that the server was recently rebuilt, before I took over. While cert was installed, it was only the "public" cert - without the private keys. Once I re-created a CSR, got a new set of private/public keys - the cert installed without any issues and SSL began working again. So, just because cert shows up under "Select existing certificate", do not assume it is valid - always validate first with something as simple as SSL Diagnostics tool:


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Maximize Your Threat Intelligence Reporting

    Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

    I recently read an article which suggested that 60% of businesses in the U.S. that process credit card details online in order to accept payment for goods or services were not Payment Card Industry security standards (PCI) compliant. This statement …
    Lync server 2013 Backup Service Error ID 4049 – After File Share Migration
    Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
    Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now