IIS 6.0 getting "page cannot be displayed" when SSL is enabled.

I have looked at the other questions regarding this topic but nothing seems to apply. We are running a Server 2003 Ent R2 SP2 box with IIS6. We have multiple sites set up in IIS using host header values on port 80. We are trying to enable SSL on one of the sites but the site will not display when attempting to view it on the secure channel (HTTPS). However, the site (along with all of the others) displays just fine with standard HTTP. I was getting a few errors but searching Google has led to no results. According to all of the articles I have read, it is related to the default website already being bound to 443 but I don't have the default website as it has been deleted. Here is some additional information regarding the setup:

-IIS listens on 10.x.x.17 only (enabled the listenonly key when the server was first set up)
-The server has 1 additional IP but it is in use by Apache.
-Apache is only listening on 10.x.x.16
-Default website has been deleted
-Any restarts of IIS are clean and the registry reflects the site SSL configuration
-I can telnet to 443 using the DNS of the site
-80 and 443 are open on both server and firewall

At this point I am not sure what is going on. There are no errors other than "page cannot be displayed". The URL is www.ymcalincolnjobs.org

Any help you can provide in resolving this issue would be greatly appreciated.
Jeff2009 Asked:
 
Springy555 Commented:
Also run the SSL Diagnostics tool.  It's very useful and has solved many a problem before!

http://www.microsoft.com/downloads/details.aspx?familyid=cabea1d0-5a10-41bc-83d4-06c814265282&displaylang=en
0
 
Springy555 Commented:
What were the errors you were seeing?

As a test, if you remove SSL on the website you have applied it to, can you still telnet to the server on port 443 after an IISRESET?

If so, there is another site or service opening port 443.
0
 
chilids Commented:
Is there anything set to use 443 besides the website in question?  Try using a different port, say 444, for the SSL on the site to see if there is a problem with the site settings or the port 443.
0
 
Springy555 Commented:
Sorry, ignore my last comment.  IIS listens on port 443, even if no sites are configured to use it.

Is the website with SSL configured to listen on 10.x.x.17 and not 'all unassigned'?
0
 
Jeff2009 Author Commented:
@Springy555:

I removed the port specification on the site and did an iisreset. Telnet was unable to connect on 443 after that. I re-enabled 443 and did another IIS reset and telnet started working again.

@chilids:
I set the SSL port to 444 and http://www.ymcalincolnjobs.org:444/ yields a blank page while https://www.ymcalincolnjobs.org:444/ yields a connection error.

Any other suggestions?
0
 
Jeff2009 Author Commented:
@chilids:

The site is configured for the specific IP address (10.x.x.17) and not all assigned.
0
 
Tray896 Commented:
I've seen similar behavior before.  The first thing I would check is the SSL binding for your website.  Verify that the binding for port 443 is set to the correct IP address - The same IP that the port 80 binding is set to.

If that is ok, then the next thing to try is remove the SSL cert from your website and then re-add it.  Just go through the server certificates wizard to do this and then try your site over https.
0
 
Springy555 Commented:
Does the URL on the SSL certificate match exactly what you're typing in the browser's address bar?

Also try enabling IIS logging for the website.  If you select extended properties tab, ensure you select the sc-win32-status option.  Try hitting the site a few more times, then have a look at the IIS logs.
0
 
Jeff2009 Author Commented:
@Tray896:

Thanks for the suggestion. I saw the SSL cert removal recommendation on another article I read. I have removed the cert, restarted IIS, assigned the cert, restarted IIS and still get the same result.

This is just the strangest thing I have ever seen in all the years I have worked on web servers.
0
 
chilids Commented:
This is probably a waste of time but is the server behind a NAT device?  If it is, is port forwarding set up for 443?  Also, can you browse the website from the webserver or another computer in the network?

0
 
Tray896 Commented:
Jeff - How about if you create an entirely new website and install the cert to it.  Can you hit that site over https?

When you have the certificate installed, what happens when you click on View Certificate on the directory security tab of your website?  Does it show the cert with no errors?  
0
 
Jeff2009 Author Commented:
@Springy555:
The logs are not returning anything useful. I get log entries for when the page loads properly but it is not registering the SSL attempts. There is nothing in the HTTP error log either.

[ W3SVC/701617028 ]
ServerComment = YMCA - ymcalincolnjobs.org
ServerAutoStart = True
ServerState = Server started
#Impersonated server account
SSLCertHash = 80 d8 8d 0d 05 4d 99 cd a1 bf d0 7a 2b 3a 0f 04 bd f8 86 57
SSLStoreName = MY
#CertName = www.ymcalincolnjobs.org
#WARNING: You DON'T have a private key that corresponds to this certificate
#Subject: SERIALNUMBER=qPhWmSQqbp9jOIY5Nb8oOGCkTwq7NCvq, C=US, O=www.ymcalincolnjobs.org, OU=GT63088694, OU=See www.rapidssl.com/resources/cps (c)09, OU=Domain Control Validated - RapidSSL(R), CN=www.ymcalincolnjobs.org
#Issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
#Validity: From 12/27/2009 4:09:13 PM To 12/29/2012 12:13:45 PM
CertVerifyCertificateChainPolicy succeeded
SecureBindings = 10.x.x.17:443:

It looks like we might be on to something. Is there any way to generate a private key for this certificate?


@chilids:
I remoted to my home computer and tested the site and I am able to browse to it on 80 and telnet to it on 443.

@Tray896:
The certificate is viewable with no errors from the current site. I set up the certificate on another site and I get the same connection errors.
0
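
Added example (not part of the thread and not code from the SSL Diagnostics tool): a small Python parser for a report in the layout pasted above, which flags every site that has a SecureBindings entry but also carries the missing-private-key warning, even when the chain policy check succeeded. The sample report, site IDs, names and addresses are constructed for illustration.

```python
import re

# Constructed sample in the layout of the report quoted above (all values made up).
SAMPLE_REPORT = """\
[ W3SVC/1001 ]
ServerComment = Example site A
SSLCertHash = 00 11 22 33
#CertName = www.example.test
#WARNING: You DON'T have a private key that corresponds to this certificate
CertVerifyCertificateChainPolicy succeeded
SecureBindings = 192.0.2.17:443:

[ W3SVC/1002 ]
ServerComment = Example site B
SSLCertHash = aa bb cc dd
#CertName = shop.example.test
SecureBindings = 192.0.2.17:444:
"""

SECTION = re.compile(r"^\[\s*(W3SVC/\d+)\s*\]$")
NO_KEY = "You DON'T have a private key"  # warning text as it appears in the report

def parse_report(text):
    """Split the report into per-site settings (key = value) and '#' notes."""
    sites, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = SECTION.match(line)
        if match:
            current = sites.setdefault(match.group(1), {"settings": {}, "notes": []})
        elif current is not None and line.startswith("#"):
            # '#' lines (CertName, Subject, warnings) are notes, not settings
            current["notes"].append(line[1:].strip())
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current["settings"][key.strip()] = value.strip()
    return sites

def sites_missing_private_key(sites):
    """Return (site id, comment, binding) for HTTPS sites whose cert has no key."""
    findings = []
    for site_id, site in sites.items():
        settings = site["settings"]
        binding = settings.get("SecureBindings")
        if binding and any(NO_KEY in note for note in site["notes"]):
            findings.append((site_id, settings.get("ServerComment", ""), binding))
    return findings

if __name__ == "__main__":
    print(sites_missing_private_key(parse_report(SAMPLE_REPORT)))
```
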
 
Jeff2009 Author Commented:
Update: I have been able to regen the private key. THAT WAS IT!!!!!!!!!!!!

THANK YOU!!
0
 
Jeff2009 Author Commented:
Used the following link to repair the private key:

http://support.microsoft.com/kb/889651/
0
Question has a verified solution.
