SSL and IIS 5.0 - problem - help!
From: derik (d_prid_at_yahoo.com)
Date: Wed, 16 Jul 2003 13:12:41 -0700
I recently tried to configure my IIS to enforce SSL
connections. After following several tutorials for forming
a certificate request, signing (self-signed with OpenSSL),
and installing it, I get the following weird behavior:
when I tried to access the website using regular http using
a broswer on the server itself, i get the standard error
asking me to use https. Yeah!
using https in a broswer on the serving machine, I get the
website, nice and encrypted. Yay!
using regular http on a different machine on the same
network as the server, I get the error asking me to use
https. Still good!
but, when I try to use https on the different machine
(tried netscape, mozilla, and ie), the browser says
contacting myserver.com... and after a while says there was
no response from the server.
as soon as I disable the "enforce ssl connections" feature,
everything is accessible using http from any computer.
Any thoughts? I've looked around. IIS appears to be
listening on port 443. There are no intervening firewalls
between test computers and the server.
>SSL itself is encrypted so as long as you stay in the HTTPS
>protocol you have encryption for any data INCLUDING
>This is why BasicAuthentication WITH SSL is pratically an
>extra IIS authentication method that make the insecure Basic
>(clear text) effectively an encrypted authentication -- and
>open standard, pretty much browser version independent.
>(Since version 2.0 of the major browsers and even Lynx
>has an SSL verion.)
>"William" <firstname.lastname@example.org> wrote in message
>> When you attempt to connect to OWA over https://, does it
>> start encrypting immediately or does it wait until you
>> have authenticated with your network username and
>> password, and then encrypt everything after that?
>> I know this seems like a dumb question, but I just want
>> to be 100% sure that our login names and passwords are
>> not exposed when using OWA.