Solved

How to diagnose https connection not working

Posted on 2011-03-08
6
904 Views
Last Modified: 2012-05-11
Hi,
I successfully setup a test system using a ssl certificate / https website for the first time and now rolling out to a 'production' machine. I've installed a new certificate and setup pc (xp pro / iis5.1 - don't judge!) in the same way as my test machine as far as I can tell but when I try to access a page using https I get browser error 118 (operation timed out).
Can someone please help me diagnose the problem - here's my 2c worth so far..:
1. Site works fine on http (which I need to leave in place)
2. Checked port 443 is open on main router (shared offices so IT dept have confirmed this)
3. Disabled pc security software firewall (ESET)
Current website settings as shown in attached image.
Thanks.

server-website-settings.jpg
0
Comment
Question by:nigelr99
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 30

Accepted Solution

by:
Brad Howe earned 250 total points
ID: 35068839
If it is all good, install SSL diag and give it a test. After is searches, scroll to your site and verify certificate chain and root is installed.
Run, SSL Diagnostics to troubleshoot.

1. Firewall. you could test this by using telnet to port 443.  If it is open, it will connect and go black.
    eg: telnet your.domain.com 443

2. Does it browse locally?

3. SSL Diagnostics
x86
http://www.microsoft.com/downloads/en/details.aspx?familyid=cabea1d0-5a10-41bc-83d4-06c814265282&displaylang=en

x64
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=1CBFB70E-F442-4BB2-940B-351C3A7D62CF&%3Bdisplaylang=en


Let us know,
Hades666
0
 

Author Comment

by:nigelr99
ID: 35070307
Thanks,

In response:
1. I disabled local firewall but telnet could still not connect. I had IT dept to re-check 443 port forwarding which they did.
2. I cannot connect locally using https://locahost
3. Ran ssldiag and had handshake error as shown in attached image.
Looked for some more information on the error number but struggling to find a way forward. Any ideas appreciated.

server-ssl-error.jpg
0
 
LVL 30

Expert Comment

by:Brad Howe
ID: 35070350
If you cannot connect even locally then it is not a firewall issue.

If you open up IIS Manager and review the directory Security for the certificate, is the entire chain present?

-Hades666
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 30

Expert Comment

by:Brad Howe
ID: 35070450
you may also what to verify the permissions on the machinekey folder.

Default permissions for the MachineKeys folders
http://support.microsoft.com/?id=278381 

Or

as simple a reboot...

Hades666
0
 

Author Comment

by:nigelr99
ID: 35073488
Ok, Certificate chain looks fine (see image) - I even tried removing / re-importing certificate.
Permissions on MachineKeys folder look OK.
Rebooted and still no joy. I'm sure I'm missing something simple here. IT dept is swapping router overnight but if I can't connect locally then there's not much point in that!
Any more ideas please?
Cheers.

server-cert-path.jpg
0
 

Author Comment

by:nigelr99
ID: 35087250
It turns out the 'IT dept' router uses https for remote management which has now been disabled and after re-installing certificate (out of desperation if nothing else) and then stopping and re-starting w3svc service it magically works!
Thanks for you help with diagnostics hades666 - I will award you the points. Cheers!
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction and Prerequisites This article describes methods for detecting whether a client browser accepts and returns HTTP cookies and whether the client browser runs JavaScript.  Most client browsers will, by default, be configured to use cooki…
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question