Link to home
Start Free TrialLog in
Avatar of Xeronimo
XeronimoFlag for Luxembourg

asked on

can't connect to my site via HTTPS?

Hi, so I've installed an SSL certificate on one of our old webservers, a Windows 2003 (yeah, I know), but I can't connect to it via https although I've configured port 443 in IIS ... any ideas why!? And no, it's not a firewall thing since I'm testing this internally.

Thanks!
Avatar of Mark Galvin
Mark Galvin
Flag of United Kingdom of Great Britain and Northern Ireland image

Hi

How did you 'install' the cert?

Thanks
Mark
Avatar of Xeronimo

ASKER

using the Certificates snap in ... it gets recognized there as a trusted certificate.

it's a wildcard certificate though. in case that's important?
I'm still on IIS 6 here ... but yes, I think I've done all of this. I was able to select the certificate in the properties window of that website on the IIS management console.
have you run an iisreset from cmd still installing the cert?
ASKER CERTIFIED SOLUTION
Avatar of Mark Galvin
Mark Galvin
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
iisreset? no, but I've restarted the IIS service ...  

ok, gonna check that blog post, thank you
Mark:

the diagnostic utility tells me the following:

[ W3SVC/435327458 ]
ServerComment = serv1.mydomain.com
ServerAutoStart = True
ServerState = Server started
#Could not impersonate server account
SSLCertHash = 02 3d 6b 3a 6f 62 70 c5 0e 3c ee 60 b5 42 3f 0d e0 dd 9a 9f
SSLStoreName = MY
#CertName = *.mydomain.com
#WARNING: You DON'T have a private key that corresponds to this certificate
#Subject: C=LU, L=xxx, O=xxx, CN=*.xxx.xxx
#Issuer: C=LU, O=LuxTrust S.A., CN=LuxTrust Qualified CA
#Validity: From 15/07/2015 10:22:30 To 15/07/2016 10:22:30
SecureBindings = 192.168.1.31:443:serv1.mydomain.com
#WARNING:Host headers are not supported in secure bindings
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Regarding warning 1: I can't create a new certificate!? I need to use this wildcard certificate ...

Regarding warning 2: I had added that line on the recommendation of some other website using cscript ... I have to see how to delete that line again then ...
any other ideas?
no one?
Hi

Not me.

Maybe another expert will pick up?

Thanks
Mark
I might have identified the problem ... the certificate is a wildcard certificate and on this server it seems to be missing the private key associated with it ... I'm gonna try to export the certificate from the one server where it already works (that's a Linux one, mine is a Windows).
Ah. You mean (as per my earlier post):
Warning 1:
#WARNING: You DON'T have a private key that corresponds to this certificate
Try https://support.microsoft.com/en-us/kb/824035

:-)

Thanks
Mark/
Mark: uh, yes :D Although your link didn't offer the solution I needed (which was exporting the certificate as a PFX file from the one server that it worked on and importing this PFX file on the other servers) But thanks anyway!
Ok, so now I've imported that PFX file and the certificate is installed correctly.

I still don't get a connecting via https on this server though (unlike on the 2008 one).

Any other ideas? Also is it normal that there are no values at those lines that start with Ssl?

User generated image
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
D'oh, I found the problem ... the Windows Firewall of the Windows 2003 was blocking the SSL requests ... once I allowed them through the HTTPS pages could be accessed!