Stuck with SSL error
Setup
w2k3 server as a DC
Certificate services (run my own CA, stand alone)
Configured IIS to use secure channel (port 443) and certificates
During installation no errors, I am able to obtain a certificate from the
server, but I am unable to connect to the website "webpage not available"
Checked everything (including firewall settings) but I am stuck.
Running IIS diagtool I see 3 errors
#WARNING: AcquireCredentialsHandle failed with error -2146893043(0x8009030d)
#WARNING:AccessSSL = True (resource inaccessible due to SSL does not work on
this website)
#WARNING:AccessSSLRequireCert = True (resource inaccessible due to SSL does
not work on this website)
My own CA is listed in "trusted root certificates Authorities" the
certificate is listed in "personal"
What is wrong?
With kind regards
Rik
Tiago Halm 2007-12-08, 7:41 pm
What kind of certificate did you create? Must be Server Authentication type.
Open up the certificate from the store (via MMC). Do you have the private
key? Does the Pool account have access to the certificate private key?
Anyway, try to avoid having the DC as the IIS box (create a member), unless
there is no other box.
Tiago Halm
"Rik" <123345@nlnlnln.net> wrote in message
news:475ad61f$0$243$e4fe514c@news.xs4all.nl...
> Setup
> w2k3 server as a DC
> Certificate services (run my own CA, stand alone)
> Configured IIS to use secure channel (port 443) and certificates
> During installation no errors, I am able to obtain a certificate from the
> server, but I am unable to connect to the website "webpage not available"
> Checked everything (including firewall settings) but I am stuck.
> Running IIS diagtool I see 3 errors
> #WARNING: AcquireCredentialsHandle failed with
> error -2146893043(0x8009030d)
> #WARNING:AccessSSL = True (resource inaccessible due to SSL does not work
> on this website)
> #WARNING:AccessSSLRequireCert = True (resource inaccessible due to SSL
> does not work on this website)
> My own CA is listed in "trusted root certificates Authorities" the
> certificate is listed in "personal"
>
> What is wrong?
> With kind regards
> Rik
"Tiago Halm" <thalm@nospam.hotmail.com> wrote in message
news:%23K1JHJcOIHA.3516@TK2MSFTNGP02.phx.gbl...
> What kind of certificate did you create? Must be Server Authentication
> type.
The certificate is intended for the following purposes
Certificate is "All issuance policies" and "All application policies"
However from the advanced view "server authentication is selected"
> Open up the certificate from the store (via MMC). Do you have the private
> key?
I do have a private key
> Does the Pool account have access to the certificate private key?
pool account ?? Sorry does not ring a bell !!
>
> Anyway, try to avoid having the DC as the IIS box (create a member),
> unless there is no other box.
I thought so,....unfortunately there is no other box..
Rik
>
> Tiago Halm
>
> "Rik" <123345@nlnlnln.net> wrote in message
> news:475ad61f$0$243$e4fe514c@news.xs4all.nl...
Tiago Halm 2007-12-08, 7:41 pm
Pool account as in the user configured in the IIS 6 AppPool associated with
the WebSite (and VDirs under it) where the certificate is set. Anyway, I've
just googled a bit and this may not be an issue.
See this google snapshot:
http://64.233.183.104/search?q=cach...clnk&cd=1&gl=uk
Tiago Halm
"Rik" <123345@nlnlnln.net> wrote in message
news:475ae39a$0$242$e4fe514c@news.xs4all.nl...
>
> "Tiago Halm" <thalm@nospam.hotmail.com> wrote in message
> news:%23K1JHJcOIHA.3516@TK2MSFTNGP02.phx.gbl...
>
> The certificate is intended for the following purposes
> Certificate is "All issuance policies" and "All application policies"
> However from the advanced view "server authentication is selected"
>
> I do have a private key
> Does the Pool account have access to the certificate private key?
>
> pool account ?? Sorry does not ring a bell !!
>
> I thought so,....unfortunately there is no other box..
>
> Rik
Two things you need to check. One is whether your certificate used on the
server is associated with the private key. Second is whether you have
correctly configured the site to use SSL. IIS SSL configuration requires a
dedicated IP and does not work with host headers.
"Rik" wrote:
> Setup
> w2k3 server as a DC
> Certificate services (run my own CA, stand alone)
> Configured IIS to use secure channel (port 443) and certificates
> During installation no errors, I am able to obtain a certificate from the
> server, but I am unable to connect to the website "webpage not available"
> Checked everything (including firewall settings) but I am stuck.
> Running IIS diagtool I see 3 errors
> #WARNING: AcquireCredentialsHandle failed with error -2146893043(0x8009030d)
> #WARNING:AccessSSL = True (resource inaccessible due to SSL does not work on
> this website)
> #WARNING:AccessSSLRequireCert = True (resource inaccessible due to SSL does
> not work on this website)
> My own CA is listed in "trusted root certificates Authorities" the
> certificate is listed in "personal"
>
> What is wrong?
> With kind regards
> Rik
>
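The checks suggested in the replies above (certificate in the computer's "Personal" store, private key present, Server Authentication purpose, issuing CA trusted), gathered into one read-only script as an added example that is not part of the original thread. It assumes Windows PowerShell is installed on the server; the function name `Test-SslCertificate` is hypothetical. The error code in the diagtool output, 0x8009030d, is SEC_E_UNKNOWN_CREDENTIALS.

```powershell
# Added example, not from the thread. Read-only: it inspects the certificates
# in the computer's "Personal" store (Cert:\LocalMachine\My) and changes nothing.
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

function Test-SslCertificate {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert
    )

    # An absent EKU extension means the certificate is valid for all purposes.
    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $serverAuth = $true
    if ($eku) {
        $serverAuth = [bool]($eku.EnhancedKeyUsages |
            Where-Object { $_.Value -eq $ServerAuthOid })
    }

    # Build the chain against the machine's trust stores. Revocation checking
    # is off so the result does not depend on reaching a CRL.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $chainOk = $chain.Build($Cert)
    $chainStatus = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','

    $now = Get-Date
    New-Object PSObject -Property @{
        Subject          = $Cert.Subject
        Thumbprint       = $Cert.Thumbprint
        # True when the store links this certificate to a key container;
        # the key itself is not opened here.
        HasPrivateKey    = $Cert.HasPrivateKey
        ServerAuthEku    = $serverAuth
        InValidityPeriod = ($now -ge $Cert.NotBefore -and $now -le $Cert.NotAfter)
        ChainTrusted     = $chainOk
        ChainStatus      = $chainStatus
    }
}

Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-SslCertificate -Cert $_ } |
    Format-List
```

Any certificate bound to the site should show `HasPrivateKey`, `ServerAuthEku`, `InValidityPeriod` and `ChainTrusted` all as True; a False value points at which of the checks from the replies failed.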