Certificate Problem on IIS6 running SP2

I'm having a problem applying a certificate to a website hosted on IIS6 with SP2 installed.  The CSR was generated OK, and as far as I can see, the certificate was applied OK, but when I try to access any HTTPS pages that this certificate should cover, I am getting an "Internet Explorer cannot display the webpage" message (HTTP friendly errors have been disabled).

I've downloaded the SSL Diagnostics program from Microsoft and have subsiquently found this error -

"#WARNING:Error 0x800b0110 : The server certificate is not valid for the requested usage

Upon Googling this error, it would suggest that a Client Certificate is in place instead of a Web Certificate but I'm not sure how to resolve this (if this is infact what is causing the problem).  Help would be much appreciated as soon as possible!!

Thanks
pabby061203Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ShrColCommented:
0
pabby061203Author Commented:
Thanks for getting back to me, this would further confirm that I am along the right lines in my thinking - however I don't see any option to select either a Web or Client Certificate.  As a test, I have went through the CSR generation again to create a dummy CSR and make sure I haven't missed anything, following the exact same steps as I did previously - again at the end of the wizard it said i had successfully generated a web certificate signing request, which would suggest that I am not doing anything wrong...

Am i missing something obvious?
0
ShrColCommented:
Ok, the above would be more relevant if you had used something other than IIS to generate the CSR. What SSL provider are you using?
0
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

ShrColCommented:
My thinking is it may have been an option you selected with the provider that's caused them to generate the wrong type of certificate. Might be worth trying a free trial certificate (http://www.rapidssl.com/), see if that works correctly and isolate the issue.
0
pabby061203Author Commented:
GoDaddy...I know they don't necessarily have the best reputation but we have used them for other certificates in the past and they have been fine.  I spoke to one of their reps earlier this morning who suggested that it may have been downloaded incorrectly, so tried a fresh install of the certificate (and intermeddiatory (sp.) certificate but to no avail.
0
pabby061203Author Commented:
thanks, i'll give that a go and report back
0
pabby061203Author Commented:
right, i've tried applying another (free) certififcate to try and rule out a problem at my end, but it doesn't seem to want to apply properly - SSLDiag error I am getting is:

#WARNING: SSL port (SecureBindings) set but certificate not installed

Any ideas, as I have installed it the same way as previous certificates....
0
ShrColCommented:
Open IIS, open the properties of the site you are applying the certificate to, open the Directory Security tab - can you click the 'View Certificate' button or is it greyed out?
0
pabby061203Author Commented:
yes, it's letting me view the certificate as normal...
0
pabby061203Author Commented:
ok, i have fixed that error, and there are no errors being returned with the free certificate which is now applied, so you would think its working OK...but I still can't seem to hit any https pages - just timing out...
0
ShrColCommented:
Having applied the certificate run 'iisreset' from the command prompt, if you are happy the certificate is applied correctly.
0
pabby061203Author Commented:
I've tried iisreset but to no avail. After restarting iis, I've again run SSLDiag with no errors being returned, but when I try to hit any hhtps pages, it is still just timing out...

the website is www.freetankjackets.com
0
ShrColCommented:
I presume you have checked the IIS properties and ensured its listening on port 443. Can you post a screen shot of the 'Web Site' tab?
0
pabby061203Author Commented:
screenshot attached...yep its listening on port 443, and is the only site in my setup listening on 443...
website.jpg
0
ShrColCommented:
Also, on the server open a command prompt and type: netstat -a | find "https"

Let me know what that returns. Thats a pipe (shift + backspace) before the find command.
0
ShrColCommented:
I notice this is running with an external IP address. Is this server in a DMZ or a hosted dedicated server?
0
pabby061203Author Commented:
the return can be seen below...

C:\Documents and Settings\gtiadmin>netstat -a|find "https"
  TCP    7dcs-gti-01:https      7dcs-gti-01:0          LISTENING
  TCP    7dcs-gti-01:https      7dcs-gti-01:0          LISTENING
0
paritoshjaniCommented:

Be sure TCP 443 traffic is allowed if there any firewall. also, in advance tab, 443 should integrated with particular IP instead all IP.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ShrColCommented:
Beat me to it! Was just about to say make sure https can pass your firewall.
0
pabby061203Author Commented:
Its a dedicated server we have with a company down south.  Firewall isn't an issue as I have checked this avenue before at the very start...

By integrated with particular IP, I believe I have the setup right, please see attached screenshot...
website2.jpg
0
paritoshjaniCommented:
I have tried to telnet TCP 443 on 217.77.4.85 but can't. It must be something which is blocking request to come at server. Also, try restarting IIS once using with IISRESET command.

0
ShrColCommented:
I would ask them to double check the firewall angle, as the rest of your setup looks fine. More so since the SSLDiag reports no issues.
0
pabby061203Author Commented:
OK, i'll give them a call just now... thanks for all your help up to this point guys! :)
0
ShrColCommented:
Just to rule out the firewall angle, put https://217.77.4.85 - into IE on the server. See what that brings up.
0
pabby061203Author Commented:
I'm beginning to think you may be right about the firewall...I have a vague recollection of having to request that port be opened when we initially set up a certificate on another IP, I had spoken to a tech guy briefly but I am guessing he never actually checked it and assumed that because the port was open on the first IP, that would be the case on the additional.  i've raised it as an issue withtem just now, so awaiting feedback.  Fingers crossed this works...in which case I can assume that it is GoDaddy who are responsible for my initial problem....

Will post with any additional developments, cheers guys...
0
pabby061203Author Commented:
ShrCol:

It's again just timing out...would that suggest it is firewall related?
0
ShrColCommented:
If it times out when you try and connect to it locally (i.e. from IE on the server that hosts the site) then its unlikely to be firewall related as its local traffic.
0
pabby061203Author Commented:
oops, misread your instruction...its not timing out when i use IE on the server...getting the site OK when I access it as local traffic so I am hopefull that this could be the problem resolved!  Just waiting to here back from my server provider....
0
ShrColCommented:
Ah ok, then thats a firewall issue for sure. Let us know how you get on.
0
pabby061203Author Commented:
It was indeed a firewall issue! Cheers!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft IIS Web Server

From novice to tech pro — start learning today.