SSL and IIS 5.0 - problem - help!

From: derik (d_prid_at_yahoo.com)
Date: 07/16/03 

Date: Wed, 16 Jul 2003 13:12:41 -0700

I recently tried to configure my IIS to enforce SSL
connections. After following several tutorials for forming
a certificate request, signing (self-signed with OpenSSL),
and installing it, I get the following weird behavior:

when I tried to access the website using regular http using
a broswer on the server itself, i get the standard error
asking me to use https. Yeah!

using https in a broswer on the serving machine, I get the
website, nice and encrypted. Yay!

using regular http on a different machine on the same
network as the server, I get the error asking me to use
https. Still good!

but, when I try to use https on the different machine
(tried netscape, mozilla, and ie), the browser says
contacting myserver.com... and after a while says there was
no response from the server.

as soon as I disable the "enforce ssl connections" feature,
everything is accessible using http from any computer.

Any thoughts? I've looked around. IIS appears to be
listening on port 443. There are no intervening firewalls
between test computers and the server.

>-----Original Message-----
>SSL itself is encrypted so as long as you stay in the HTTPS
>protocol you have encryption for any data INCLUDING
>passwords.
>
>This is why BasicAuthentication WITH SSL is pratically an
>extra IIS authentication method that make the insecure Basic
>(clear text) effectively an encrypted authentication -- and
>open standard, pretty much browser version independent.
>
>(Since version 2.0 of the major browsers and even Lynx
>has an SSL verion.)
>
>"William" <wchristian@smithcom911.com> wrote in message
>news:004501c34ba5$a9eacbd0$a101280a@phx.gbl...
>> When you attempt to connect to OWA over https://, does it
>> start encrypting immediately or does it wait until you
>> have authenticated with your network username and
>> password, and then encrypt everything after that?
>> I know this seems like a dumb question, but I just want
>> to be 100% sure that our login names and passwords are
>> not exposed when using OWA.
>>
>> Thanks,
>
>
>.
>

Relevant Pages

  • Re: iis not transferring clients to ssl port
    ... individual ASP pages, inside of IIS metabase at a per-URL level, or inside ... because for all intents and purposes, the "transfer" from HTTP to HTTPS is ... Select the file to require SSL, choose right-click properties, and go to ... he wants the webmasters to be able to secure only the pages they want ...
    (microsoft.public.inetserver.iis.security)
  • Re: SSL and WebService
    ... > and there is a proper SSL certificate on that www.somesite.com server, ... > will SSL be enforced? ... but the user can remove the s from https and still access it unsecurely. ... look in the IIS settings for that applicatino and you can tell IIS to only allow SSL ...
    (microsoft.public.dotnet.framework.webservices)
  • Re: SSL and virtual web sites
    ... "HTTP 1.1 Host Headers Are Not Supported When You Use SSL" ... Kristofer Gafvert - IIS MVP ... > I would like to configure SSL access (hence https) for multiple web sites. ...
    (microsoft.public.inetserver.iis)
  • Using SSL when ASP.NET client remotes to IIS hosted object question.
    ... client.config (after you install SSL on the remoting server). ... uses a remote object hosted in IIS on a server with SSL installed. ... the https URL in IE. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: SSL and IIS 5.0 - problem - help!
    ... > a broswer on the server itself, ... > asking me to use https. ... >>SSL itself is encrypted so as long as you stay in the HTTPS ... >>protocol you have encryption for any data INCLUDING ...
    (microsoft.public.inetserver.iis.security)