Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

self signed certificate not working on IIS6

Posted on 2011-09-27
11
696 Views
Last Modified: 2012-08-13
I've been trying to get my self-signed certificate to work on my 2003 Server using IIS.  I installed the iis60rkt.exe and used selfssl.exe to created the certificate.  

Here is the command: selfssl /N:cn=apitest.domain.com /K:1024 /V:365 /S:1 /P:443 /T.  

I created it under the default web site.  I can view the certificate and everything appears to be fine.  No red Xs anywhere. Using the /T was the key to have it automatically adding itself to the Root CA certificates on the local computer.  After what appears to be a valid certificate, I go into IIS to assign a simple index.htm page in the default www folder.  I input 443 to the SSL port.  I click on Directory Security and click Edit at the bottom in the the Secure Communications settings.  I put a check mark on the Require Secure channel (SSL) and Require 128 bit encryption.  

Finally, I try the link https://apitest.domain.com and nothing.  I also try with ../index.htm but still nothing.  The error I receive is "Internet Explorer cannot display the web page."  I go back into IIS and remove the Require Secure channel and the page appears instantly in IE9.

I've created certreq.txt for many web sites and Exchange OWAs and never had a problem applying the ssl certificates.  It doesn't seem that difficult to me but I know I'm missing something.

I could use some help.

Mike
0
Comment
Question by:GabicusC
  • 6
  • 4
11 Comments
 
LVL 16

Expert Comment

by:jessc7
ID: 36714072
Have you explicity bound port 443?
0
 

Author Comment

by:GabicusC
ID: 36714130
Here is the port assignment.

 Ports

self signed apitest cert

 APItest Cert

Require SSL

 Require SSL
0
 
LVL 16

Expert Comment

by:jessc7
ID: 36714132
Do you have any other web sites in IIS bound to port 443 using the same IP address? There are some limitations with IIS where this might cause a conflict.
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 

Author Comment

by:GabicusC
ID: 36715061
No, this is the only site that will be using port 443.
0
 
LVL 16

Expert Comment

by:jessc7
ID: 36716670
Hmm, yeah nothing stands out for me right away. Have you turned off "Friendly Errors" in IE, so you can hopefully see a more detailed error message?

Another thought - can you look at the IIS logs for any error messages or warnings?
0
 
LVL 19

Expert Comment

by:R--R
ID: 36716779
There may be issue with certificate, create another one and try..
0
 

Author Comment

by:GabicusC
ID: 36718213
Yeah, I've created about 6 certs all together. I removed the previous ones.  I think I need to test my procedures on another server with just the base IIS setup to confirm it works.

Thanks guys for trying!

Mike
0
 

Accepted Solution

by:
GabicusC earned 0 total points
ID: 36818827
I found the answer!!!

This issue occurs if the administrator who tries to create the certificate request does not have Full Control permissions on the files and the subfolders in the following folder:
\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys

To resolve this issue, grant the administrator account Full Control on all files and subfolders in the MachineKeys folder. To do this, follow these steps:
1.      Click Start, click Run, type "\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\", and then click OK.
2.      Right-click MachineKeys, and then click Properties.
3.      On the Security tab, click Administrator or click the administrator group account you want, click to select the check box to enable Full Control permissions, and then click OK.

SEE: http://support.microsoft.com/kb/908572
0
 

Author Comment

by:GabicusC
ID: 36818833
After assigning the full permissions, remove the key and regenerate following the same steps and  commands as before.

Everything I did was correct.  I just didn't have the correct permissions.

0
 
LVL 16

Expert Comment

by:jessc7
ID: 36818921
Good find!
0
 

Author Closing Comment

by:GabicusC
ID: 36935268
People were helpful but this was an unusual situation and I ended up finding the solution by myself.
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
HTTP to HTTPS redirect is not working 1 93
how to generate a csr to request an intermediate ca on os x 3 49
vmware horizon certificate question 2 69
RDP Sonicwall 8 88
Today I came across an interesting issue that had me pulling my hair out.  I was troubleshooting a new internal web site which uses integrated security instead of anonymous.  When browsing the site from my laptop, I was able to access it with no iss…
Lync server 2013 or Skype for business Backup Service Error ID 4049 – After File Share Migration
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question