Solved

IIS 6.0 getting page cannot be displayed when SSL is enabled.

Posted on 2010-01-04
Last Modified: 2013-11-21
I have looked at the other questions regarding this topic but nothing seems to apply. We are running a Server 2003 Ent R2 SP2 box with IIS6. We have multiple sites set up in IIS using host header values on port 80. We are trying to enable SSL on one of the sites but the site will not display when attempting to view it on the secure channel (HTTPS). However, the site (along with all of the others) displays just fine with standard HTTP. I was getting a few errors but searching Google has led to no results. According to all of the articles I have read, it is related to the default website already being bound to 443, but I don't have the default website as it has been deleted. Here is some additional information regarding the setup:

-IIS listens on 10.x.x.17 only (enabled the listenonly key when the server was first set up)
-The server has 1 additional IP but it is in use by Apache.
-Apache is only listening on 10.x.x.16
-Default website has been deleted
-Any restarts of IIS are clean and the registry reflects the site SSL configuration
-I can telnet to 443 using the DNS of the site
-80 and 443 are open on both server and firewall

At this point I am not sure what is going on. There are no errors other than "page cannot be displayed". The URL is www.ymcalincolnjobs.org

Any help you can provide in resolving this issue would be greatly appreciated.
0
Question by:Jeff2009
14 Comments
 
LVL 13

Expert Comment

by:Springy555
ID: 26172263
What were the errors you were seeing?

As a test, if you remove SSL on the website you have applied it to, can you still telnet to the server on port 443 after an IISRESET?

If so, there is another site or service opening port 443.
0
 
LVL 6

Expert Comment

by:chilids
ID: 26172311
Is there anything set to use 443 besides the website in question?  Try using a different port, say 444, for the SSL on the site to see if there is a problem with the site settings or the port 443.
0
 
LVL 13

Expert Comment

by:Springy555
ID: 26172414
Sorry, ignore my last comment.  IIS listens on port 443, even if no sites are configured to use it.

Is the website with SSL configured to listen on 10.x.x.17 and not 'all unassigned'?
0
 

Author Comment

by:Jeff2009
ID: 26172478
@Springy555:

I removed the port specification on the site and did an iisreset. Telnet was unable to connect on 443 after that. I reenabled 443 and did another IIS reset and telnet started working again.

@chilids:
I set the SSL port to 444 and http://www.ymcalincolnjobs.org:444/ yields a blank page while https://www.ymcalincolnjobs.org:444/ yields a connection error.

Any other suggestions?
0
 

Author Comment

by:Jeff2009
ID: 26172489
@chilids:

The site is configured for the specific IP address (10.x.x.17) and not all assigned.
0
 
LVL 15

Expert Comment

by:Tray896
ID: 26172520
I've seen similar behavior before.  The first thing I would check is the SSL binding for your website.  Verify that the binding for port 443 is set to the correct IP address - The same IP that the port 80 binding is set to.

If that is OK, then the next thing to try is to remove the SSL cert from your website and then re-add it.  Just go through the server certificates wizard to do this and then try your site over https.
0
 
LVL 13

Expert Comment

by:Springy555
ID: 26172542
Does the URL on the SSL certificate match exactly what you're typing in the browser's address bar?

Also try enabling IIS logging for the website.  If you select extended properties tab, ensure you select the sc-win32-status option.  Try hitting the site a few more times, then have a look at the IIS logs.
0
 

Author Comment

by:Jeff2009
ID: 26172548
@Tray896:

Thanks for the suggestion. I saw the SSL cert removal recommendation on another article I read. I have removed the cert, restarted IIS, assigned the cert, restarted IIS and still get the same result.

This is just the strangest thing I have ever seen in all the years I have worked on web servers.
0
 
LVL 13

Accepted Solution

by:
Springy555 earned 2000 total points
ID: 26172555
Also run the SSL Diagnostics tool.  It's very useful and has solved many a problem before!

http://www.microsoft.com/downloads/details.aspx?familyid=cabea1d0-5a10-41bc-83d4-06c814265282&displaylang=en
0
 
LVL 6

Expert Comment

by:chilids
ID: 26172655
This is probably a waste of time but is the server behind a NAT device?  If it is, is port forwarding set up for 443?  Also, can you browse the website from the webserver or another computer in the network?

0
 
LVL 15

Expert Comment

by:Tray896
ID: 26172671
Jeff - How about if you create an entirely new website and install the cert to it.  Can you hit that site over https?

When you have the certificate installed, what happens when you click on View Certificate on the directory security tab of your website?  Does it show the cert with no errors?  
0
 

Author Comment

by:Jeff2009
ID: 26172849
@Springy555:
The logs are not returning anything useful. I get log entries for when the page loads properly but it is not registering the SSL attempts. There is nothing in the HTTP error log either.

[ W3SVC/701617028 ]
ServerComment = YMCA - ymcalincolnjobs.org
ServerAutoStart = True
ServerState = Server started
#Impersonated server account
SSLCertHash = 80 d8 8d 0d 05 4d 99 cd a1 bf d0 7a 2b 3a 0f 04 bd f8 86 57
SSLStoreName = MY
#CertName = www.ymcalincolnjobs.org
#WARNING: You DON'T have a private key that corresponds to this certificate
#Subject: SERIALNUMBER=qPhWmSQqbp9jOIY5Nb8oOGCkTwq7NCvq, C=US, O=www.ymcalincolnjobs.org, OU=GT63088694, OU=See www.rapidssl.com/resources/cps (c)09, OU=Domain Control Validated - RapidSSL(R), CN=www.ymcalincolnjobs.org
#Issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
#Validity: From 12/27/2009 4:09:13 PM To 12/29/2012 12:13:45 PM
CertVerifyCertificateChainPolicy succeeded
SecureBindings = 10.x.x.17:443:

It looks like we might be on to something. Is there any way to generate a private key for this certificate?


@chilids:
I remoted to my home computer and tested the site and I am able to browse to it on 80 and telnet to it on 443.

@Tray896:
The certificate is viewable with no errors from the current site. I set up the certificate on another site and I get the same connection errors.
0
 

Author Comment

by:Jeff2009
ID: 26172931
Update: I have been able to regen the private key. THAT WAS IT!!!!!!!!!!!!

THANK YOU!!
0
 

Author Closing Comment

by:Jeff2009
ID: 31672455
Used the following link to repair the private key:

http://support.microsoft.com/kb/889651/
0
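
The symptom in this thread, a port that accepts TCP connections (telnet to 443 works) while HTTPS still fails, can be split into layers with a small probe. The following is an added example, not code from the thread: `probe_tls` and `start_drop_listener` are hypothetical names, and the local listener is a constructed stand-in for a server that accepts TCP but cannot complete the TLS handshake.

```python
import socket
import ssl
import threading

def probe_tls(host, port=443, timeout=5.0):
    """Report where an HTTPS connection stops: tcp, handshake, certificate, or ok."""
    result = {"tcp": False, "stage": "tcp", "detail": None}
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        result["detail"] = str(exc)          # port closed or filtered
        return result
    result["tcp"] = True                     # all that "telnet host 443" proves
    ctx = ssl.create_default_context()       # verifies the chain and the host name
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            result["stage"] = "ok"
            result["detail"] = tls.version()
    except ssl.SSLCertVerificationError as exc:
        result["stage"] = "certificate"      # cert presented, but untrusted or name mismatch
        result["detail"] = exc.verify_message
    except OSError as exc:
        result["stage"] = "handshake"        # TCP accepted, TLS never completed
        result["detail"] = str(exc) or type(exc).__name__
    finally:
        sock.close()
    return result

def start_drop_listener():
    """Constructed stand-in: accepts one TCP connection, then hangs up."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv

if __name__ == "__main__":
    srv = start_drop_listener()
    print(probe_tls("127.0.0.1", srv.getsockname()[1], timeout=3))
    srv.close()
```

A result of `tcp: True` with `stage: "handshake"` points at the server's certificate or key configuration rather than at the firewall or the port binding.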
