MOSS 2007 using SSL 403 error

SowelaIT
SowelaIT used Ask the Experts™
on
I am running MOSS 2007 on IIS7 on 2008 servrer.
We recently wanted to go SSL so I created a new SSP, new web app, new app pool, new SSP admin.
We applied the certificate to the new site.
I created a new site collection and when I click on it I am getting HTTP 403 Forbidden error.
The message state, "declined to show this page, Most likely cause the website requires you to log in."
I am not getting a log in screen and I am using AD authentication.
Is there a certain place I should look?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
1. Use an account that has administrative permissions to log on to the computer that is running the Office SharePoint Server 2007 indexing service.

2. Click Start, click Run, type cmd, and then click OK.

3. At the command prompt, type the following command, and then press ENTER:

attrib –s %windir%\tasks

Note In this example, %windir% is the path of the Windows folder. For example, the path can be C:\Windows.

Note If Windows Explorer is open when you make this change, you will not see the extra tab in Windows Explorer. If Windows Explorer is already open, close and then reopen it before you perform step 4.

4. In Windows Explorer, right-click the Tasks folder, and then click Properties.

5. In the Tasks Properties dialog box, click the Security tab, and then click Add

6. In the Select Users, Computers, or Groups dialog box, type WSS_WPG in the Enter object names to select box, and then click OK.

7. Grant the following permissions for the WSS_WPG account, and then click OK:• Read

• Write

8. Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

9. In Internet Information Services (IIS) Manager, right-click ComputerName (local computer), click All Tasks, and then click Restart IIS.

10. Click Start, click Run, type cmd, and then click OK.

11. At the command prompt, type the following command, and then press ENTER:

attrib +s %windir%\tasks

Note this resets the Tasks Property back to the default view.

Ps. Perform the above task on all the SharePoint Servers.
Justin SmithSr. System Engineer
Top Expert 2012

Commented:
I wouldn't perform the above without more explanation.

I don't think I fully understand your situtation.  Why did you create a new SSP?  What exactly did you apply the SSL to?  Is it a wildcard cert?

Author

Commented:
To ACH1LLES.
I created a new SSP with the intent of making it run parallel in case I could not get the SSL working correctly. I was going to migrate the files from the current SSP to the new after the cert was in place and then destroy the old. I have had one brief class in the MOSS 2007 and none in IIS7 so I know enough to mess things up. It is  a  local cert that we were going to replace with a verisign as soon as everything is working.

Is there a way to just apply to the current site without disrupting service for more than a couple of hours?
Justin SmithSr. System Engineer
Top Expert 2012

Commented:
What is the purpose of the cert?  Are you just trying to secure a certain web site?  Or are you wanting to use SSL for inter-service communications as well?  

I'm guessing you just want to secure your SharePoint site (https://sharepoint.site.com).....right?

If so, it's not too difficult and won't mess up your service for more than a few minutes.  Also, it has nothing to do with your SSP.

Author

Commented:
We are using right now as Intranet only on campus. We want to give access off campus to users. So we need to secure with SSL.
Sr. System Engineer
Top Expert 2012
Commented:
Depending on what your exact requirements are, you can simply add an alternate access mapping to your web application for the https address, or you can extend the web application and use https as the URL.  Extending will create a new IIS site, adding an AAM will esentially be adding a mapping to the existing IIS site.

Do one of the above, then apply the cert to the IIS site, and you will be good to go.  You don't really need to do anything in the SSP.

Author

Commented:
Ok, that makes sense. I guess I was trying to make things too hard. I am going to leave this question open for a few until I can accomplish this. I will come back and let you know.  -- Thanks.

Author

Commented:
Thank you very much. I extended the current web application applied the certificate and it works!
Justin SmithSr. System Engineer
Top Expert 2012

Commented:
Glad it worked out for you :).  Please close the ticket if you have everything you need.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial