|
Home > Archive > IIS Server Security > March 2006 > Problems with IIS6 / SSL
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Problems with IIS6 / SSL
|
|
| Lajus Norvejikus 2006-03-13, 5:54 pm |
| Hi all,
I recently installed one Windows 2003 Server and after I installed IIS 6. I
have 2 web sites configured: one I want to answer to port 80, the other will
listen 443. I install a certificate (ok) using the acticle id 816794 as
reference. Everything seems ok. Only... SSL do not work! The 80 port works...
I have IIS Diagnostics installed and when I run SSL Diagnostics I have the
following 2 lines:
#WARNING: AcquireCredentialsHandle failed with error -2146893043(0x8009030d)
#WARNING:AccessSSL = True (resource inaccessible due to SSL does not work on
this website)
I've one server installed and configured with Windows 2000 Server + IIS 5
and I do not remember to have these problems.
Anyone knows how to solve this problem?
Thank's.
Pedro L.
| |
| Ratatooie 2006-03-13, 5:54 pm |
|
SSL needs 1 virtual web, 1 IP address and 1 hostname.
If you cannot devote those three items to the cert-enabled site in
exclusivity, you can't do SSL.
From your description, it sounds like you are trying to share the same IP
with two sites, one with SSL. That won't work.
"Lajus Norvejikus" <LajusNorvejikus@discussions.microsoft.com> wrote in
message news:C89DAC9D-F45F-4BB3-AB77-88D1FC4CC63B@microsoft.com...
> Hi all,
>
> I recently installed one Windows 2003 Server and after I installed IIS 6.
> I
> have 2 web sites configured: one I want to answer to port 80, the other
> will
> listen 443. I install a certificate (ok) using the acticle id 816794 as
> reference. Everything seems ok. Only... SSL do not work! The 80 port
> works...
>
> I have IIS Diagnostics installed and when I run SSL Diagnostics I have the
> following 2 lines:
> #WARNING: AcquireCredentialsHandle failed with
> error -2146893043(0x8009030d)
> #WARNING:AccessSSL = True (resource inaccessible due to SSL does not work
> on
> this website)
>
> I've one server installed and configured with Windows 2000 Server + IIS 5
> and I do not remember to have these problems.
>
> Anyone knows how to solve this problem?
> Thank's.
> Pedro L.
| |
| Lajus Norvejikus 2006-03-14, 7:49 am |
| I have that configuration in a Windows 2000 / IIS 5 installation! I simply
want to make an upgrade... server, operating system and http server. I don't
know if I can have more IP's to dedicate.
In the old configuration (Win2K/IIS5), I have one site using http on port 80
and another site using ports 81 (not really used) and 443 for SSL. Everything
works perfectly.
I don't believe that not exists a solution for this. Any ideas?
Pedro L.
"Ratatooie" wrote:
>
> SSL needs 1 virtual web, 1 IP address and 1 hostname.
>
> If you cannot devote those three items to the cert-enabled site in
> exclusivity, you can't do SSL.
>
> From your description, it sounds like you are trying to share the same IP
> with two sites, one with SSL. That won't work.
>
> "Lajus Norvejikus" <LajusNorvejikus@discussions.microsoft.com> wrote in
> message news:C89DAC9D-F45F-4BB3-AB77-88D1FC4CC63B@microsoft.com...
>
>
>
| |
| David Wang [Msft] 2006-03-14, 7:49 am |
| Did you correctly install the Server Certificate with its Private Key.
Especially if you exported this certificate from the old server - remember
to export the Private key of the cert.
--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Lajus Norvejikus" <LajusNorvejikus@discussions.microsoft.com> wrote in
message news:5D6DE713-AA73-4C6F-9EBA-FE2B4CC60175@microsoft.com...[vbcol=seagreen]
>I have that configuration in a Windows 2000 / IIS 5 installation! I simply
> want to make an upgrade... server, operating system and http server. I
> don't
> know if I can have more IP's to dedicate.
>
> In the old configuration (Win2K/IIS5), I have one site using http on port
> 80
> and another site using ports 81 (not really used) and 443 for SSL.
> Everything
> works perfectly.
>
> I don't believe that not exists a solution for this. Any ideas?
>
> Pedro L.
>
> "Ratatooie" wrote:
>
| |
| Lajus Norvejikus 2006-03-14, 7:49 am |
| David,
Now it works and using only one IP address!
I'm issuing the certificates using Certificate Services from another known
Windows domain. This can be done using the Microsoft Certificate Services web
forms and, after certification generation, choosing to install it if logged
as Administrator. Except the certificate installation, I do everything as
article id 816794 explanations in
http://support.microsoft.com/defaul...b;en-us;816794.
I don't know if the problem was the private key but when I tried to issue
the new certificate (that works) I chose the form the "use local machine
store" option. Maybe that was the difference but I will look to the 2
certificates to find out the difference.
Thank you David.
Pedro L.
"David Wang [Msft]" wrote:
> Did you correctly install the Server Certificate with its Private Key.
> Especially if you exported this certificate from the old server - remember
> to export the Private key of the cert.
>
> --
> //David
> IIS
> http://blogs.msdn.com/David.Wang
> This posting is provided "AS IS" with no warranties, and confers no rights.
> //
>
> "Lajus Norvejikus" <LajusNorvejikus@discussions.microsoft.com> wrote in
> message news:5D6DE713-AA73-4C6F-9EBA-FE2B4CC60175@microsoft.com...
>
>
>
| |
| David Wang [Msft] 2006-03-14, 7:49 am |
| There's really nothing mysterious. In order for the server to do SSL, it has
to have a server certificate and it must have the private key. The
certificate has to be in "local machine" for IIS to go look it up and use
it.
Basically, unless you know exactly what you are doing and understand the
logic behind the instructions, you need to follow instructions carefully.
--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Lajus Norvejikus" <LajusNorvejikus@discussions.microsoft.com> wrote in
message news:2A9C3F73-4333-4466-ACC0-F83B0304568A@microsoft.com...[vbcol=seagreen]
> David,
>
> Now it works and using only one IP address!
>
> I'm issuing the certificates using Certificate Services from another known
> Windows domain. This can be done using the Microsoft Certificate Services
> web
> forms and, after certification generation, choosing to install it if
> logged
> as Administrator. Except the certificate installation, I do everything as
> article id 816794 explanations in
> http://support.microsoft.com/defaul...b;en-us;816794.
>
> I don't know if the problem was the private key but when I tried to issue
> the new certificate (that works) I chose the form the "use local machine
> store" option. Maybe that was the difference but I will look to the 2
> certificates to find out the difference.
>
> Thank you David.
> Pedro L.
>
> "David Wang [Msft]" wrote:
>
|
|
|
|
|