|
Home > Archive > IIS Server Security > February 2004 > Renewed Certificate not working
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Renewed Certificate not working
|
|
| Hasnain 2004-02-12, 4:34 pm |
| Hi,
I have got an strange issue.
The problem is, I have just renewed a certificate but its not working i.e.
it has been installed properly, visible in request and personal folder in
'certificate snap-in' in MMC, valid date till 2005 but.the site is
inaccessible with https:// It was working fine with the previous
certificate, which expired, so we asked for a renewed certificate.
I first tried with replace certificate, which didn't work, although the
certificate was installed properly.
Then I start from the scratch and remove all previous entries, install the
new certificate again, which was installed properly again, but didn't work.
I then even tried to install free sample 30 days certificate which was
installed but again, site didn't respond on https:// and keep giving "The
page cannot be displayed" error. The last line in the browser says "Cannot
find server or DNS Error" so I have tried to run the site using its IP in
order to bypass DNS but id didn't work either. Above all it was working fine
earlier. The same IP was also being used by other sites in such a way that
all were directing to same 'home directory', so I removed all the rest of
the sites too.
Do anyone of you have any solution for this. I will really appreciate it as
I m completely stuck for the last three days.
Thanks in advance,
Hasnain
Internal Support Manager
| |
| Bernard 2004-02-12, 9:34 pm |
| Sorry, so the problem now is renewed cert not working or you still getting
cannot find dns error ?
--
Regards,
Bernard Cheah
http://support.microsoft.com/
Please respond to newsgroups only ...
"Hasnain" <Sacchal@hotmail.com> wrote in message
news:eF19Vff8DHA.3704@tk2msftngp13.phx.gbl...
> Hi,
>
> I have got an strange issue.
>
> The problem is, I have just renewed a certificate but its not working i.e.
> it has been installed properly, visible in request and personal folder in
> 'certificate snap-in' in MMC, valid date till 2005 but.the site is
> inaccessible with https:// It was working fine with the previous
> certificate, which expired, so we asked for a renewed certificate.
>
>
>
> I first tried with replace certificate, which didn't work, although the
> certificate was installed properly.
>
>
>
> Then I start from the scratch and remove all previous entries, install the
> new certificate again, which was installed properly again, but didn't
work.
> I then even tried to install free sample 30 days certificate which was
> installed but again, site didn't respond on https:// and keep giving "The
> page cannot be displayed" error. The last line in the browser says "Cannot
> find server or DNS Error" so I have tried to run the site using its IP in
> order to bypass DNS but id didn't work either. Above all it was working
fine
> earlier. The same IP was also being used by other sites in such a way that
> all were directing to same 'home directory', so I removed all the rest of
> the sites too.
>
>
>
> Do anyone of you have any solution for this. I will really appreciate it
as
> I m completely stuck for the last three days.
>
>
>
> Thanks in advance,
>
>
>
> Hasnain
>
> Internal Support Manager
>
>
>
>
| |
| Hasnain 2004-02-12, 10:34 pm |
| The problem now is, the renewed certificate indicate no error anywhere but
the site is unaccessible from https://
One more thing, we have another site working with a different certificate on
the same server, from same authority.
"Bernard" <qbernard@hotmail.com.discuss> wrote in message
news:uIgwjvh8DHA.2412@TK2MSFTNGP09.phx.gbl...
> Sorry, so the problem now is renewed cert not working or you still getting
> cannot find dns error ?
>
> --
> Regards,
> Bernard Cheah
> http://support.microsoft.com/
> Please respond to newsgroups only ...
>
>
> "Hasnain" <Sacchal@hotmail.com> wrote in message
> news:eF19Vff8DHA.3704@tk2msftngp13.phx.gbl...
i.e.[color=blue]
in[color=blue]
the[color=blue]
> work.
"The[color=blue]
"Cannot[color=blue]
in[color=blue]
> fine
that[color=blue]
of[color=blue]
> as
>
>
| |
| Hasnain 2004-02-13, 1:46 am |
| not working means that we are getting DNS error.
"Hasnain" <Sacchal@hotmail.com> wrote in message
news:%23vFV%23Wi8DHA.2332@TK2MSFTNGP10.phx.gbl...
> The problem now is, the renewed certificate indicate no error anywhere but
> the site is unaccessible from https://
> One more thing, we have another site working with a different certificate
on
> the same server, from same authority.
>
> "Bernard" <qbernard@hotmail.com.discuss> wrote in message
> news:uIgwjvh8DHA.2412@TK2MSFTNGP09.phx.gbl...
getting[color=blue]
> i.e.
> in
the[color=blue]
> the
> "The
> "Cannot
> in
working[color=blue]
> that
> of
it[color=blue]
>
>
| |
| Bernard 2004-02-15, 1:34 am |
| so you have at least 2 SSL in one box, are they binding at different IP or
ports ?
when you do 'netstat -an' do you see 2 binding on port 443 ?
and try -
PRB: Error "Page Cannot Be Displayed" When You Connect Through HTTPS
http://support.microsoft.com/?id=290391
"Cannot find server" or "DNS" Errors When Using SSL (Q & A)
http://support.microsoft.com/?id=292296
--
Regards,
Bernard Cheah
http://support.microsoft.com/
Please respond to newsgroups only ...
"Hasnain" <Sacchal@hotmail.com> wrote in message
news:uiUGOIk8DHA.4044@tk2msftngp13.phx.gbl...
> not working means that we are getting DNS error.
>
> "Hasnain" <Sacchal@hotmail.com> wrote in message
> news:%23vFV%23Wi8DHA.2332@TK2MSFTNGP10.phx.gbl...
but[color=blue]
certificate[color=blue]
> on
> getting
working[color=blue]
folder[color=blue]
> the
install[color=blue]
didn't[color=blue]
was[color=blue]
IP[color=blue]
> working
way[color=blue]
rest[color=blue]
appreciate[color=blue]
> it
>
>
| |
| Hasnain 2004-02-15, 4:33 pm |
| Those two SSL are on the same box, binded to diffrenet IPs but using same
port number i.e. 443.
When I use netstat -an I got so many lines, I hope the following lines you
might be interested in:
Proto Local Address Foreing Address State
TCP 0:0:0:0:443 0.0.0.0 LISTENING
UDP "PC IP":53 *:*
UDP "PC IP":500 *:*
UDP "PC IP":5632 *:*
Thanks for the article you mentioned. I had already gone through the article
290391 but 292296 was new to me, but I don't think removing the binding from
default web site will work as the other site having another valid
certificate (from the same source) is already working perfectly. Do I need
to assign different SSL port for another another web site?
Please help,
thanks,
Hasnain.
"Bernard" <qbernard@hotmail.com.discuss> wrote in message
news:Olkbd588DHA.1548@tk2msftngp13.phx.gbl...
> so you have at least 2 SSL in one box, are they binding at different IP or
> ports ?
> when you do 'netstat -an' do you see 2 binding on port 443 ?
>
> and try -
> PRB: Error "Page Cannot Be Displayed" When You Connect Through HTTPS
> http://support.microsoft.com/?id=290391
>
>
> "Cannot find server" or "DNS" Errors When Using SSL (Q & A)
> http://support.microsoft.com/?id=292296
>
>
> --
> Regards,
> Bernard Cheah
> http://support.microsoft.com/
> Please respond to newsgroups only ...
>
>
> "Hasnain" <Sacchal@hotmail.com> wrote in message
> news:uiUGOIk8DHA.4044@tk2msftngp13.phx.gbl...
> but
> certificate
> working
> folder
although[color=blue]
> install
> didn't
> was
giving[color=blue]
its[color=blue]
> IP
> way
> rest
> appreciate
>
>
| |
| Bernard 2004-02-15, 6:34 pm |
| Ok now, you have to make sure each cert is binding to its own IP.
IIS MMC - Site's properties - Web site tab - Advanced button,
at the SSL section, click edit - change 'all unassigned' to its IP.
now, you might want to try SSL diag as well.
http://www.microsoft.com/technet/tr...ds/ssldiags.asp
this will help diagnose SSL error for you. FYI, I have one IP 2 sites with
2 certs. binding on different ports.
--
Regards,
Bernard Cheah
http://support.microsoft.com/
Please respond to newsgroups only ...
"Hasnain" <Sacchal@hotmail.com> wrote in message
news:e#Y87CF9DHA.1592@TK2MSFTNGP10.phx.gbl...
> Those two SSL are on the same box, binded to diffrenet IPs but using same
> port number i.e. 443.
>
> When I use netstat -an I got so many lines, I hope the following lines you
> might be interested in:
>
> Proto Local Address Foreing Address State
> TCP 0:0:0:0:443 0.0.0.0 LISTENING
> UDP "PC IP":53 *:*
> UDP "PC IP":500 *:*
> UDP "PC IP":5632 *:*
>
> Thanks for the article you mentioned. I had already gone through the
article
> 290391 but 292296 was new to me, but I don't think removing the binding
from
> default web site will work as the other site having another valid
> certificate (from the same source) is already working perfectly. Do I need
> to assign different SSL port for another another web site?
>
> Please help,
>
> thanks,
>
> Hasnain.
>
>
> "Bernard" <qbernard@hotmail.com.discuss> wrote in message
> news:Olkbd588DHA.1548@tk2msftngp13.phx.gbl...
or[color=blue]
anywhere[color=blue]
is[color=blue]
certificate.[color=blue]
> although
which[color=blue]
> giving
says[color=blue]
> its
a[color=blue]
the[color=blue]
>
>
| |
| Hasnain 2004-02-15, 8:34 pm |
| Its already binded to its own IP with port SSL 443.
The default web site properties indicate 'All assigned' for SSL 443
"Bernard" <qbernard@hotmail.com.discuss> wrote in message
news:uMKFc6F9DHA.1596@TK2MSFTNGP10.phx.gbl...
> Ok now, you have to make sure each cert is binding to its own IP.
> IIS MMC - Site's properties - Web site tab - Advanced button,
> at the SSL section, click edit - change 'all unassigned' to its IP.
>
> now, you might want to try SSL diag as well.
>
http://www.microsoft.com/technet/tr...ds/ssldiags.asp
>
> this will help diagnose SSL error for you. FYI, I have one IP 2 sites with
> 2 certs. binding on different ports.
>
> --
> Regards,
> Bernard Cheah
> http://support.microsoft.com/
> Please respond to newsgroups only ...
>
>
> "Hasnain" <Sacchal@hotmail.com> wrote in message
> news:e#Y87CF9DHA.1592@TK2MSFTNGP10.phx.gbl...
same[color=blue]
you[color=blue]
> article
> from
need[color=blue]
IP[color=blue]
> or
> anywhere
still[color=blue]
personal[color=blue]
site[color=blue]
> is
previous[color=blue]
> certificate.
> which
> says
using[color=blue]
was[color=blue]
such[color=blue]
> a
> the
>
>
| |
| Bernard 2004-02-15, 9:33 pm |
| Configured the 2 sites to bind on their own IP at port 80 and 443.
download ssldiag and post the error msgs here.
--
Regards,
Bernard Cheah
http://support.microsoft.com/
Please respond to newsgroups only ...
"Hasnain" <Sacchal@hotmail.com> wrote in message
news:uA6O96G9DHA.3364@TK2MSFTNGP09.phx.gbl...
> Its already binded to its own IP with port SSL 443.
> The default web site properties indicate 'All assigned' for SSL 443
>
> "Bernard" <qbernard@hotmail.com.discuss> wrote in message
> news:uMKFc6F9DHA.1596@TK2MSFTNGP10.phx.gbl...
>
http://www.microsoft.com/technet/tr...ds/ssldiags.asp
with[color=blue]
> same
> you
binding[color=blue]
> need
> IP
> still
not[color=blue]
> personal
> site
> previous
entries,[color=blue]
but[color=blue]
keep[color=blue]
browser[color=blue]
> using
> was
> such
all[color=blue]
>
>
| |
| Hasnain 2004-02-15, 10:33 pm |
| I just change the assigned IP and it start working through its new IP both
with http and https. I didn't make any changes to DNS so far, so access the
site using its new public IP. Then I revert back its previous public IP and
the site start giving 'The page cannot be found' and 'DNS Error' in the
last, although I was accessing the site through its IP on both the cases. I
have also gone through IIS to verify that its IP is not being shared with
any other site.
"Bernard" <qbernard@hotmail.com.discuss> wrote in message
news:%23iqyUcH9DHA.1548@tk2msftngp13.phx.gbl...
| |
| Bernard 2004-02-25, 9:40 am |
| sounds like your previous IP can't establish SSL connection.
is there any firewall or router blocking ? can you browser locally ?
have try recreate the web site ? and ssldiag ?
--
Regards,
Bernard Cheah
http://support.microsoft.com/
Please respond to newsgroups only ...
"Hasnain" <Sacchal@hotmail.com> wrote in message
news:O6s$c6H9DHA.2524@TK2MSFTNGP11.phx.gbl...
> I just change the assigned IP and it start working through its new IP both
> with http and https. I didn't make any changes to DNS so far, so access
the
> site using its new public IP. Then I revert back its previous public IP
and
> the site start giving 'The page cannot be found' and 'DNS Error' in the
> last, although I was accessing the site through its IP on both the cases.
I
> have also gone through IIS to verify that its IP is not being shared with
> any other site.
>
>
> "Bernard" <qbernard@hotmail.com.discuss> wrote in message
> news:%23iqyUcH9DHA.1548@tk2msftngp13.phx.gbl...
>
>
|
|
|
|
|