can't connect to my site via HTTPS?

Hi, so I've installed an SSL certificate on one of our old webservers, a Windows 2003 (yeah, I know), but I can't connect to it via https although I've configured port 443 in IIS ... any ideas why!? And no, it's not a firewall thing since I'm testing this internally.

Thanks!
XeronimoAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Mark GalvinManaging Director / Principal ConsultantCommented:
Hi

How did you 'install' the cert?

Thanks
Mark
0
XeronimoAuthor Commented:
using the Certificates snap in ... it gets recognized there as a trusted certificate.

it's a wildcard certificate though. in case that's important?
0
Mark GalvinManaging Director / Principal ConsultantCommented:
0
Introducing the "443 Security Simplified" Podcast

This new podcast puts you inside the minds of leading white-hat hackers and security researchers. Hosts Marc Laliberte and Corey Nachreiner turn complex security concepts into easily understood and actionable insights on the latest cyber security headlines and trends.

XeronimoAuthor Commented:
I'm still on IIS 6 here ... but yes, I think I've done all of this. I was able to select the certificate in the properties window of that website on the IIS management console.
0
Mark GalvinManaging Director / Principal ConsultantCommented:
have you run an iisreset from cmd still installing the cert?
0
Mark GalvinManaging Director / Principal ConsultantCommented:
Try this blog post out and see how you get on http://bradkingsley.com/troubleshooting-ssl-in-iis/
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
XeronimoAuthor Commented:
iisreset? no, but I've restarted the IIS service ...  

ok, gonna check that blog post, thank you
0
XeronimoAuthor Commented:
Mark:

the diagnostic utility tells me the following:

[ W3SVC/435327458 ]
ServerComment = serv1.mydomain.com
ServerAutoStart = True
ServerState = Server started
#Could not impersonate server account
SSLCertHash = 02 3d 6b 3a 6f 62 70 c5 0e 3c ee 60 b5 42 3f 0d e0 dd 9a 9f
SSLStoreName = MY
#CertName = *.mydomain.com
#WARNING: You DON'T have a private key that corresponds to this certificate
#Subject: C=LU, L=xxx, O=xxx, CN=*.xxx.xxx
#Issuer: C=LU, O=LuxTrust S.A., CN=LuxTrust Qualified CA
#Validity: From 15/07/2015 10:22:30 To 15/07/2016 10:22:30
SecureBindings = 192.168.1.31:443:serv1.mydomain.com
#WARNING:Host headers are not supported in secure bindings
0
Mark GalvinManaging Director / Principal ConsultantCommented:
OK.
Warning 1:
#WARNING: You DON'T have a private key that corresponds to this certificate
Try https://support.microsoft.com/en-us/kb/824035 
Warning 2:
#WARNING:Host headers are not supported in secure bindings
Try https://msdn.microsoft.com/en-us/library/ee248704%28v=vs.100%29.aspx
0
XeronimoAuthor Commented:
Regarding warning 1: I can't create a new certificate!? I need to use this wildcard certificate ...

Regarding warning 2: I had added that line on the recommendation of some other website using cscript ... I have to see how to delete that line again then ...
0
XeronimoAuthor Commented:
any other ideas?
0
XeronimoAuthor Commented:
no one?
0
Mark GalvinManaging Director / Principal ConsultantCommented:
Hi

Not me.

Maybe another expert will pick up?

Thanks
Mark
0
XeronimoAuthor Commented:
I might have identified the problem ... the certificate is a wildcard certificate and on this server it seems to be missing the private key associated with it ... I'm gonna try to export the certificate from the one server where it already works (that's a Linux one, mine is a Windows).
0
Mark GalvinManaging Director / Principal ConsultantCommented:
Ah. You mean (as per my earlier post):
Warning 1:
#WARNING: You DON'T have a private key that corresponds to this certificate
Try https://support.microsoft.com/en-us/kb/824035

:-)

Thanks
Mark/
0
XeronimoAuthor Commented:
Mark: uh, yes :D Although your link didn't offer the solution I needed (which was exporting the certificate as a PFX file from the one server that it worked on and importing this PFX file on the other servers) But thanks anyway!
0
XeronimoAuthor Commented:
Ok, so now I've imported that PFX file and the certificate is installed correctly.

I still don't get a connecting via https on this server though (unlike on the 2008 one).

Any other ideas? Also is it normal that there are no values at those lines that start with Ssl?

ss
0
Sanjay SantokiCommented:
Hello,

Are you able to see private key symbol while you open certificate bind to website?

Please ensure that there isn't any firewall restrictions. What error message are you getting exactly while you open website with browser?

Regards,
Sanjay Santoki
0
XeronimoAuthor Commented:
D'oh, I found the problem ... the Windows Firewall of the Windows 2003 was blocking the SSL requests ... once I allowed them through the HTTPS pages could be accessed!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SSL / HTTPS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.