
Windows Server Forum / IIS / IIS Security / July 2008


Cannot solve SSL in IIS 6 with host headers

Mountain - 18 Jul 2008 17:08 GMT
I'm running W2K3 R2 SP2 with IIS 6 (on a virtual private server).

I have a self-signed certificate. It is installed.

I have multiple web sites set up and running correctly. Only one site
(called mydomain.com here) requires SSL at this time. I can access
mydomain.com via HTTP but not via HTTPS. I get a timeout with no error
message and nothing appears in the IIS log for the failed HTTPS access
attempts.

I have run the following script:

cscript.exe adsutil.vbs set /w3svc/123586192/SecureBindings ":443:mydomain.com"

Here is the output from SSLDiag.exe:

System time: Fri, 18 Jul 2008 16:00:15 GMT
ModuleFileName: C:\Program Files\IIS Resources\SSLDiag\SSLDiag.exe version: 1.1:34.0
CommandLine: "C:\Program Files\IIS Resources\SSLDiag\SSLDiag.exe"
ProcessorArchitecture: x86
OS: Windows 2003 Service Pack 2
IIS6 - World Wide Web Publishing (W3SVC) service is installed

[ HKLM\System\CurrentControlSet\Services\HTTPFilter ]
ImagePath = C:\WINDOWS\system32\lsass.exe
Parameters\CertChainCacheOnlyUrlRetrieval = True(default)
EnableKernelSsl = False(default)
strmfilt.dll loaded into process 428 (lsass.exe)
strmfilt.dll loaded into process 2568 (w3wp.exe)
strmfilt.dll loaded into process 2748 (w3wp.exe)
strmfilt.dll loaded into process 2832 (w3wp.exe)

[ SChannel Info ]
ServerCacheEntries = 3
ServerActiveEntries = 0
ServerHandshakes = 3
ServerReconnects = 43
CacheSize = 10000

[ W3SVC/1 ]
ServerComment = Default Web Site
ServerAutoStart = False

[ W3SVC/1361xxxx56 ]
ServerComment = domain1.com
ServerAutoStart = True
ServerState = Server started

[ W3SVC/151xxxx760 ]
ServerComment = Client1Static
ServerAutoStart = False
#WARNING:ServerState = Server stopped

[ W3SVC/176xxxx090 ]
ServerComment = domain2 CS  
ServerAutoStart = False

[ W3SVC/180xxxx3 ]
ServerComment = www.domain3.net
ServerAutoStart = True
ServerState = Server started

[ W3SVC/2050796052 ]
ServerComment = Client1CS
ServerAutoStart = True
ServerState = Server started

[ W3SVC/52xxxx083 ]
ServerComment = domain2 CS2008    
ServerAutoStart = True
ServerState = Server started

[ W3SVC/77xxxx319 ]
ServerComment = www.domain4.com
ServerAutoStart = True
ServerState = Server started

[ W3SVC/123586192 ]
ServerComment = mydomain.com
ServerAutoStart = True
ServerState = Server started
AccessSSLFlags = 8
#Impersonated server account
SSLCertHash = be cd xx xx xx xx .... xx xx xx
SSLStoreName = MY
#CertName = *.mydomain.com
#You have a private key that corresponds to this certificate
#ContainerName='xxxxxxx...xxxx'
#ProvName='Microsoft RSA SChannel Cryptographic Provider'
ProvType=PROV_RSA_SCHANNEL KeySpec=AT_KEYEXCHANGE
#Subject: CN=*.mydomain.com
#Issuer: CN=*.mydomain.com
#Validity: From 1/1/2000 To 1/1/2050
CertVerifyCertificateChainPolicy succeeded
SecureBindings = ip.ip.ip.ip:443:

[ W3SVC/123586192/root ]
AccessSSLFlags = 264 (0x108)
AccessSSL = True
AccessSSL128 = True
AccessSSLNegotiateCert = False
AccessSSLRequireCert = False
AccessSSLMapCert = False

Diagnostics complete, system time: Fri, 18 Jul 2008 16:00:23 GMT
Daniel Crichton - 18 Jul 2008 17:17 GMT
Mountain wrote  on Fri, 18 Jul 2008 09:08:02 -0700:

> I'm running W2K3 R2 SP2 with IIS 6 (on a virtual private server).

> I have a self-signed certificate. It is installed.

> I have multiple web sites set up and running correctly. Only one site
> (called mydomain.com here) requires SSL at this time. I can access
> mydomain.com via HTTP but not via HTTPS. I get a timeout with no error
> message and nothing appears in the IIS log for the failed HTTPS access
> attempts.

Are you sure port 443 is open on your firewall? It's an easy thing to forget
to check.

Dan

Mountain - 18 Jul 2008 17:24 GMT
Dan - thanks. I am not sure it is open and the symptoms make me think this
could be the problem. My host indicates port 443 is open, so I checked
Windows Firewall. I have inetinfo.exe added to the exceptions list and my
understanding is that this should be sufficient. Maybe it is not... I
appreciate any further suggestions.

> Mountain wrote  on Fri, 18 Jul 2008 09:08:02 -0700:
>
[quoted text clipped - 10 lines]
> Are you sure port 443 is open on your firewall? It's an easy thing to forget
> to check.
Mountain - 18 Jul 2008 17:34 GMT
I added an exception for port 443 in Windows Firewall and that resolved it.
Dan, I appreciate your tip.

> Dan - thanks. I am not sure it is open and the symptoms make me think this
> could be the problem. My host indicates port 443 is open, so I checked
[quoted text clipped - 16 lines]
> > Are you sure port 443 is open on your firewall? It's an easy thing to forget
> > to check.
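
A client-side check for the symptom in this thread (HTTPS times out, nothing reaches the IIS log), as an added example that is not part of any post: it tells a dropped connection from a refused one by how the TCP connect fails. The names probe, classify and ADVICE are hypothetical, and the default target is the local machine.

```python
import socket
import sys

# What each verdict means for the symptoms described in this thread.
ADVICE = {
    "open": "TCP handshake completed: the port is reachable, so check the "
            "certificate and SecureBindings next.",
    "closed": "Connection refused: the host answered but nothing listens on "
              "the port (site stopped or no SSL binding).",
    "filtered": "No answer before the timeout: packets are being dropped on "
                "the way, typically by a firewall, so IIS never sees or logs "
                "the request.",
}


def classify(exc):
    """Map the outcome of connect() (None or an exception) to a verdict."""
    if exc is None:
        return "open"
    if isinstance(exc, ConnectionRefusedError):
        return "closed"
    if isinstance(exc, socket.timeout):
        return "filtered"
    raise exc  # DNS failure and similar errors say nothing about the port


def probe(host, port, timeout=5.0):
    """Attempt one TCP connection and return 'open', 'closed' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)


if __name__ == "__main__":
    # Pass your own server name as the first argument; 127.0.0.1 is a default
    # chosen for this example only.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port in (80, 443):
        verdict = probe(host, port)
        print(f"{host}:{port} {verdict} - {ADVICE[verdict]}")
```

Run it from a machine outside the server's firewall: port 80 "open" with port 443 "filtered" matches what was reported here before the port exception was added.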
 