can't connect to my site via HTTPS?

Hi, so I've installed an SSL certificate on one of our old webservers, a Windows 2003 (yeah, I know), but I can't connect to it via https although I've configured port 443 in IIS ... any ideas why!? And no, it's not a firewall thing since I'm testing this internally.

Thanks!
XeronimoAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Mark GalvinManaging Director / Principal ConsultantCommented:
Hi

How did you 'install' the cert?

Thanks
Mark
XeronimoAuthor Commented:
using the Certificates snap in ... it gets recognized there as a trusted certificate.

it's a wildcard certificate though. in case that's important?
Mark GalvinManaging Director / Principal ConsultantCommented:
Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

XeronimoAuthor Commented:
I'm still on IIS 6 here ... but yes, I think I've done all of this. I was able to select the certificate in the properties window of that website on the IIS management console.
Mark GalvinManaging Director / Principal ConsultantCommented:
have you run an iisreset from cmd still installing the cert?
Mark GalvinManaging Director / Principal ConsultantCommented:
Try this blog post out and see how you get on http://bradkingsley.com/troubleshooting-ssl-in-iis/

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
XeronimoAuthor Commented:
iisreset? no, but I've restarted the IIS service ...  

ok, gonna check that blog post, thank you
XeronimoAuthor Commented:
Mark:

the diagnostic utility tells me the following:

[ W3SVC/435327458 ]
ServerComment = serv1.mydomain.com
ServerAutoStart = True
ServerState = Server started
#Could not impersonate server account
SSLCertHash = 02 3d 6b 3a 6f 62 70 c5 0e 3c ee 60 b5 42 3f 0d e0 dd 9a 9f
SSLStoreName = MY
#CertName = *.mydomain.com
#WARNING: You DON'T have a private key that corresponds to this certificate
#Subject: C=LU, L=xxx, O=xxx, CN=*.xxx.xxx
#Issuer: C=LU, O=LuxTrust S.A., CN=LuxTrust Qualified CA
#Validity: From 15/07/2015 10:22:30 To 15/07/2016 10:22:30
SecureBindings = 192.168.1.31:443:serv1.mydomain.com
#WARNING:Host headers are not supported in secure bindings
Mark GalvinManaging Director / Principal ConsultantCommented:
OK.
Warning 1:
#WARNING: You DON'T have a private key that corresponds to this certificate
Try https://support.microsoft.com/en-us/kb/824035 
Warning 2:
#WARNING:Host headers are not supported in secure bindings
Try https://msdn.microsoft.com/en-us/library/ee248704%28v=vs.100%29.aspx
XeronimoAuthor Commented:
Regarding warning 1: I can't create a new certificate!? I need to use this wildcard certificate ...

Regarding warning 2: I had added that line on the recommendation of some other website using cscript ... I have to see how to delete that line again then ...
XeronimoAuthor Commented:
any other ideas?
XeronimoAuthor Commented:
no one?
Mark GalvinManaging Director / Principal ConsultantCommented:
Hi

Not me.

Maybe another expert will pick up?

Thanks
Mark
XeronimoAuthor Commented:
I might have identified the problem ... the certificate is a wildcard certificate and on this server it seems to be missing the private key associated with it ... I'm gonna try to export the certificate from the one server where it already works (that's a Linux one, mine is a Windows).
Mark GalvinManaging Director / Principal ConsultantCommented:
Ah. You mean (as per my earlier post):
Warning 1:
#WARNING: You DON'T have a private key that corresponds to this certificate
Try https://support.microsoft.com/en-us/kb/824035

:-)

Thanks
Mark/
XeronimoAuthor Commented:
Mark: uh, yes :D Although your link didn't offer the solution I needed (which was exporting the certificate as a PFX file from the one server that it worked on and importing this PFX file on the other servers) But thanks anyway!
XeronimoAuthor Commented:
Ok, so now I've imported that PFX file and the certificate is installed correctly.

I still don't get a connecting via https on this server though (unlike on the 2008 one).

Any other ideas? Also is it normal that there are no values at those lines that start with Ssl?

ss
Sanjay SantokiCommented:
Hello,

Are you able to see private key symbol while you open certificate bind to website?

Please ensure that there isn't any firewall restrictions. What error message are you getting exactly while you open website with browser?

Regards,
Sanjay Santoki
XeronimoAuthor Commented:
D'oh, I found the problem ... the Windows Firewall of the Windows 2003 was blocking the SSL requests ... once I allowed them through the HTTPS pages could be accessed!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SSL / HTTPS

From novice to tech pro — start learning today.