Xeronimo
asked on
can't connect to my site via HTTPS?
Hi, so I've installed an SSL certificate on one of our old webservers, a Windows 2003 (yeah, I know), but I can't connect to it via https although I've configured port 443 in IIS ... any ideas why!? And no, it's not a firewall thing since I'm testing this internally.
Thanks!
Thanks!
ASKER
using the Certificates snap in ... it gets recognized there as a trusted certificate.
it's a wildcard certificate though. in case that's important?
it's a wildcard certificate though. in case that's important?
Did you install the Cert on the IIS side? https://technet.microsoft.com/en-us/library/cc732230%28v=ws.10%29.aspx
ASKER
I'm still on IIS 6 here ... but yes, I think I've done all of this. I was able to select the certificate in the properties window of that website on the IIS management console.
have you run an iisreset from cmd still installing the cert?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
iisreset? no, but I've restarted the IIS service ...
ok, gonna check that blog post, thank you
ok, gonna check that blog post, thank you
ASKER
Mark:
the diagnostic utility tells me the following:
[ W3SVC/435327458 ]
ServerComment = serv1.mydomain.com
ServerAutoStart = True
ServerState = Server started
#Could not impersonate server account
SSLCertHash = 02 3d 6b 3a 6f 62 70 c5 0e 3c ee 60 b5 42 3f 0d e0 dd 9a 9f
SSLStoreName = MY
#CertName = *.mydomain.com
#WARNING: You DON'T have a private key that corresponds to this certificate
#Subject: C=LU, L=xxx, O=xxx, CN=*.xxx.xxx
#Issuer: C=LU, O=LuxTrust S.A., CN=LuxTrust Qualified CA
#Validity: From 15/07/2015 10:22:30 To 15/07/2016 10:22:30
SecureBindings = 192.168.1.31:443:serv1.myd omain.com
#WARNING:Host headers are not supported in secure bindings
the diagnostic utility tells me the following:
[ W3SVC/435327458 ]
ServerComment = serv1.mydomain.com
ServerAutoStart = True
ServerState = Server started
#Could not impersonate server account
SSLCertHash = 02 3d 6b 3a 6f 62 70 c5 0e 3c ee 60 b5 42 3f 0d e0 dd 9a 9f
SSLStoreName = MY
#CertName = *.mydomain.com
#WARNING: You DON'T have a private key that corresponds to this certificate
#Subject: C=LU, L=xxx, O=xxx, CN=*.xxx.xxx
#Issuer: C=LU, O=LuxTrust S.A., CN=LuxTrust Qualified CA
#Validity: From 15/07/2015 10:22:30 To 15/07/2016 10:22:30
SecureBindings = 192.168.1.31:443:serv1.myd
#WARNING:Host headers are not supported in secure bindings
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Regarding warning 1: I can't create a new certificate!? I need to use this wildcard certificate ...
Regarding warning 2: I had added that line on the recommendation of some other website using cscript ... I have to see how to delete that line again then ...
Regarding warning 2: I had added that line on the recommendation of some other website using cscript ... I have to see how to delete that line again then ...
ASKER
any other ideas?
ASKER
no one?
Hi
Not me.
Maybe another expert will pick up?
Thanks
Mark
Not me.
Maybe another expert will pick up?
Thanks
Mark
ASKER
I might have identified the problem ... the certificate is a wildcard certificate and on this server it seems to be missing the private key associated with it ... I'm gonna try to export the certificate from the one server where it already works (that's a Linux one, mine is a Windows).
Ah. You mean (as per my earlier post):
:-)
Thanks
Mark/
Warning 1:
#WARNING: You DON'T have a private key that corresponds to this certificate
Try https://support.microsoft.com/en-us/kb/824035
:-)
Thanks
Mark/
ASKER
Mark: uh, yes :D Although your link didn't offer the solution I needed (which was exporting the certificate as a PFX file from the one server that it worked on and importing this PFX file on the other servers) But thanks anyway!
ASKER
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
D'oh, I found the problem ... the Windows Firewall of the Windows 2003 was blocking the SSL requests ... once I allowed them through the HTTPS pages could be accessed!
How did you 'install' the cert?
Thanks
Mark