CynepMeH asked:

Cannot secure web folder on IIS 6 with SSL

Hey fellow experts, need some help with locking down the site. I inherited support of a website and I am having an issue securing several folders on the website with SSL. The site is running on Win2K3 standard, IIS 6 (obviously), service pack 2, latest hotfixes. No server hardening has been done yet. The underlying code is C#, .Net, both .net 2.0 and 1.1.4 are in use.

The website has a certificate that the client obtained from GoDaddy. The certificate appears to be valid and I have both .p7b and .cer.cs files. Obviously the cert chain is included as part of the p7b. I'm not a PKI expert, so my knowledge is somewhat spotty. I've installed the cert in the personal store and that allowed me to configure the website with the certificate. When I select it - it shows that the cert is available.

The main page is supposed to be open to the public, say, http://www.somecorp.com. When a customer hits the site, they have an option to log in as an admin or a client. This corresponds to the /admin and /client sub-folders. When I select directory security for www.somecorp.com/admin and tell it to require SSL, 128bit and then remove basic and integrated authentication, the site does not come up. The log was showing 403 15 5 - so, I granted the IUSR_computername account read rights to the content folder and also made sure that the document type was registered. However, still no luck.

I'd appreciate some thorough step-by-step advice on what to do to get https: to work on the /admin and /client folders.

Thanks in advance.
Leon Fester

Enable logging on the site and then view which pages are causing the error.
Your site could be using frames, so the URL in your browser isn't really displaying the correct page with the error.

P.S. did you try to navigate the site without SSL enabled?
Do you get the same error?
SSL should only really help with configuring the HTTPS protocol, thus enabling a secure channel.
It doesn't really have anything to do with granting permissions to sites/folders.
What's the actual error you're seeing on the webpage?

An HTTP 403.15 error is:
403.15 - Client Access Licenses exceeded.

Is your log definitely showing 403 15 and not 403 1 5 (e.g. with a space?)

Could there be a licensing issue with the web application?
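
The status, substatus and Win32 status discussed in this thread can be read per request from the IIS W3C extended log, which answers both "which pages are causing the error" and "is it 403.15 or something else". The sketch below is an added example, not code from the original posts; it assumes the `sc-substatus` and `sc-win32-status` fields are enabled for the site, and the sample log lines are constructed.

```python
from collections import Counter

# IIS 403 substatus meanings relevant to this thread (from Microsoft's
# documented IIS status codes; 403.15 is the one quoted in the answer above).
SUBSTATUS_403 = {
    1: "Execute access forbidden",
    2: "Read access forbidden",
    4: "SSL required",
    5: "SSL 128 required",
    15: "Client Access Licenses exceeded",
}
WIN32 = {0: "success", 5: "access denied"}  # ERROR_ACCESS_DENIED = 5

# Constructed sample log, not taken from the asker's server.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem s-port sc-status sc-substatus sc-win32-status
2009-01-01 10:00:00 GET /default.aspx 80 200 0 0
2009-01-01 10:00:05 GET /admin/login.aspx 80 403 4 5
2009-01-01 10:00:09 GET /admin/login.aspx 443 403 15 5
2009-01-01 10:00:12 GET /client/login.aspx 80 403 4 5
"""

def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))

def summarize_403(text):
    """Count 403 responses per (URI, port, substatus, win32 status)."""
    hits = Counter()
    for row in parse_w3c(text):
        if row.get("sc-status") == "403":
            hits[(row.get("cs-uri-stem", "-"), row.get("s-port", "-"),
                  int(row.get("sc-substatus", "0")),
                  int(row.get("sc-win32-status", "0")))] += 1
    return hits

def describe(key):
    uri, port, sub, win32 = key
    return "%s port %s: 403.%d %s (win32 %d, %s)" % (
        uri, port, sub, SUBSTATUS_403.get(sub, "unlisted here"),
        win32, WIN32.get(win32, "unlisted here"))

if __name__ == "__main__":
    for key, count in sorted(summarize_403(SAMPLE_LOG).items()):
        print(count, describe(key))
```

Grouping by port as well as URI separates requests that arrived over plain HTTP from those that reached the HTTPS binding.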

ASKER CERTIFIED SOLUTION
CynepMeH