| Author |
SSL sites don't come up
|
|
| Mike St.Onge 2005-02-09, 5:56 pm |
| I recently downloaded an SSL certificate, imported it fine and enabled SSL on
the website. Now I cannot access the website. I don't get an error or
anything. It just never comes up.
I am complete SSL \ IIS newbie. Anyone have any suggestions on what to
check? I followed all the documentation and it *should* work.
| |
| Miha Pihler [MVP] 2005-02-09, 5:56 pm |
| Hi Mike,
Which version of IIS do you have? IIS 5? IIS 6?
Is SSL port assigned to your site? It should be TCP port 443.
What was a file extension on your certificate? Was it a .pfx or .cer?
--
Mike
Microsoft MVP - Windows Security
"Mike St.Onge" <MikeStOnge@discussions.microsoft.com> wrote in message
news:6848EA0E-67BF-4BF4-A0F6-93A8C8E8A91E@microsoft.com...
>I recently downloaded an SSL certificate, imported it fine and enabled SSL
>on
> the website. Now I cannot access the website. I don't get an error or
> anything. It just never comes up.
>
> I am complete SSL \ IIS newbie. Anyone have any suggestions on what to
> check? I followed all the documentation and it *should* work.
| |
| Mike St.Onge 2005-02-09, 5:56 pm |
| I am running IIS 6. Yes, the SSL port is 443.
The certificate. Hmmm ... I had to cut and paste some stuff from an
internal CA and rename the .txt file to a .cer. Should I have named it a
..pfx?
"Miha Pihler [MVP]" wrote:
> Hi Mike,
>
> Which version of IIS do you have? IIS 5? IIS 6?
>
> Is SSL port assigned to your site? It should be TCP port 443.
>
> What was a file extension on your certificate? Was it a .pfx or .cer?
>
> --
> Mike
> Microsoft MVP - Windows Security
>
>
> "Mike St.Onge" <MikeStOnge@discussions.microsoft.com> wrote in message
> news:6848EA0E-67BF-4BF4-A0F6-93A8C8E8A91E@microsoft.com...
>
>
>
| |
| Miha Pihler [MVP] 2005-02-09, 5:56 pm |
| Hi,
No, if you used internal CA then it should be OK...
When issuing the certificate, did you select the correct certificate
template (Web Server) template? Here is an example:
http://freeweb.siol.net/mpihler/webcert.jpg
--
Mike
Microsoft MVP - Windows Security
"Mike St.Onge" <MikeStOnge@discussions.microsoft.com> wrote in message
news:08A2062E-D659-4E1A-AA67-70DEB324867C@microsoft.com...[vbcol=seagreen]
>I am running IIS 6. Yes, the SSL port is 443.
>
> The certificate. Hmmm ... I had to cut and paste some stuff from an
> internal CA and rename the .txt file to a .cer. Should I have named it a
> .pfx?
>
> "Miha Pihler [MVP]" wrote:
>
| |
| Mike St.Onge 2005-02-09, 5:56 pm |
| Thats a good question, since I did not issue the certificate. Let me ask the
issuer.
Would that cause this sort of problem?
"Miha Pihler [MVP]" wrote:
> Hi,
>
> No, if you used internal CA then it should be OK...
>
> When issuing the certificate, did you select the correct certificate
> template (Web Server) template? Here is an example:
> http://freeweb.siol.net/mpihler/webcert.jpg
>
> --
> Mike
> Microsoft MVP - Windows Security
>
> "Mike St.Onge" <MikeStOnge@discussions.microsoft.com> wrote in message
> news:08A2062E-D659-4E1A-AA67-70DEB324867C@microsoft.com...
>
>
>
| |
| Miha Pihler [MVP] 2005-02-09, 5:56 pm |
| If the issuer did not select the appropriate template (e.g. selected User
template instead of Web Server template) this certificate will not work on
IIS.
--
Mike
Microsoft MVP - Windows Security
"Mike St.Onge" <MikeStOnge@discussions.microsoft.com> wrote in message
news:19F643A1-96E6-4434-8F30-C17A4AA50FB8@microsoft.com...[vbcol=seagreen]
> Thats a good question, since I did not issue the certificate. Let me ask
> the
> issuer.
>
> Would that cause this sort of problem?
>
> "Miha Pihler [MVP]" wrote:
>
| |
| Mike St.Onge 2005-02-10, 5:54 pm |
| OK, I checked with the guy that issues the certs. He's using Netscape
Certificates to issue the cert. There is no option specifying what type of
cert he is issueing. I looked over the whole thing with him.
Does this help any? Any other ideas?
"Miha Pihler [MVP]" wrote:
> If the issuer did not select the appropriate template (e.g. selected User
> template instead of Web Server template) this certificate will not work on
> IIS.
>
> --
> Mike
> Microsoft MVP - Windows Security
>
> "Mike St.Onge" <MikeStOnge@discussions.microsoft.com> wrote in message
> news:19F643A1-96E6-4434-8F30-C17A4AA50FB8@microsoft.com...
>
>
>
| |
| Miha Pihler [MVP] 2005-02-10, 5:54 pm |
| Hi,
Next thing you can do is run SSL Diag tool. That might tell us more where
the problem is...
You can get SSL Diag here:
SSL Diagnostics Version 1.0 (x86)
http://www.microsoft.com/downloads/...&DisplayLang=en
--
Mike
Microsoft MVP - Windows Security
"Mike St.Onge" <MikeStOnge@discussions.microsoft.com> wrote in message
news:6C0964D6-034C-4ACF-95C0-EEC2C125EF3F@microsoft.com...[vbcol=seagreen]
> OK, I checked with the guy that issues the certs. He's using Netscape
> Certificates to issue the cert. There is no option specifying what type
> of
> cert he is issueing. I looked over the whole thing with him.
>
> Does this help any? Any other ideas?
>
> "Miha Pihler [MVP]" wrote:
>
| |
| Mike St.Onge 2005-02-10, 5:54 pm |
| I might be on to something now. I downloaded the tool and ran it. It says
there is a conflict between site 1 (a parent site) and site 3 (site I'm
testing SSL on). I never downloaded a cert for the parent site. I've
requested a cert for the parent site now.
Would that have caused this problem?
"Miha Pihler [MVP]" wrote:
> Hi,
>
> Next thing you can do is run SSL Diag tool. That might tell us more where
> the problem is...
>
> You can get SSL Diag here:
>
> SSL Diagnostics Version 1.0 (x86)
> http://www.microsoft.com/downloads/...&DisplayLang=en
>
> --
> Mike
> Microsoft MVP - Windows Security
>
>
> "Mike St.Onge" <MikeStOnge@discussions.microsoft.com> wrote in message
> news:6C0964D6-034C-4ACF-95C0-EEC2C125EF3F@microsoft.com...
>
>
>
| |
| hal@nospam.com 2005-02-10, 5:54 pm |
| On Thu, 10 Feb 2005 07:07:03 -0800, Mike St.Onge
<MikeStOnge@discussions.microsoft.com> wrote:
>I might be on to something now. I downloaded the tool and ran it. It says
>there is a conflict between site 1 (a parent site) and site 3 (site I'm
>testing SSL on). I never downloaded a cert for the parent site. I've
>requested a cert for the parent site now.
>'
Wait a minute... multiple SSL sites on one box? Do in understand
correctly that is what you are doing? How are you defining your
virtual web sites? Do you have a different IP assigned to each? You
can't do host headers will SSL if that is what you are trying to do.
sorry if I misunderstood
Hal
[vbcol=seagreen]
>Would that have caused this problem?
>
>"Miha Pihler [MVP]" wrote:
>
| |
| Mike St.Onge 2005-02-11, 6:00 pm |
| OK, after much research\trial and error\frustration, I finally know how to
ask the question I need to ask.
Can I run multiple SSL sites (not virtual directories) with one IP if I am
distinguishing between sites by port number? Is there something special that
needs to happen with requesting the certificate to do this?
Scenario - Five websites, 1 IP, unique port number for each and I want to
enable SSL on all five sites. Is this possible?
"hal@nospam.com" wrote:
> On Thu, 10 Feb 2005 07:07:03 -0800, Mike St.Onge
> <MikeStOnge@discussions.microsoft.com> wrote:
>
>
> Wait a minute... multiple SSL sites on one box? Do in understand
> correctly that is what you are doing? How are you defining your
> virtual web sites? Do you have a different IP assigned to each? You
> can't do host headers will SSL if that is what you are trying to do.
>
> sorry if I misunderstood
>
> Hal
>
>
>
| |
| Miha Pihler [MVP] 2005-02-11, 6:00 pm |
| Yes, this is possible, but clients will have to enter URL like this:
https://www.site.com:444
https://www.site.com:445
etc...
You will also have to manually configure IIS and assign each site unique SSL
TCP port.
--
Mike
Microsoft MVP - Windows Security
"Mike St.Onge" <MikeStOnge@discussions.microsoft.com> wrote in message
news:D5F1B64C-F329-493C-B5D1-B5B4F1249EEA@microsoft.com...[vbcol=seagreen]
> OK, after much research\trial and error\frustration, I finally know how to
> ask the question I need to ask.
>
> Can I run multiple SSL sites (not virtual directories) with one IP if I am
> distinguishing between sites by port number? Is there something special
> that
> needs to happen with requesting the certificate to do this?
>
> Scenario - Five websites, 1 IP, unique port number for each and I want to
> enable SSL on all five sites. Is this possible?
>
> "hal@nospam.com" wrote:
>
|
|
|
|