Re: SSL - long, interesting question- I'm completely frustrated
From: Bernard (qbernard_at_hotmail.com)
Date: 07/18/03
- Next message: Jason Short: "Re: URLSCAN.INI 0 Bytes in length"
- Previous message: Bernard: "Re: does IIS log record any attempt to contact?"
- In reply to: derik: "SSL - long, interesting question- I'm completely frustrated"
- Next in thread: derik: "Re: SSL - long, interesting question- I'm completely frustrated"
- Reply: derik: "Re: SSL - long, interesting question- I'm completely frustrated"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 18 Jul 2003 11:56:29 +0800
Do you have anything in the log ?
the problem here is that your cert work with IE
but not the rest, which is weird and hard to
troubleshoot.
-- Regards, Bernard Cheah http://support.microsoft.com/ Please respond to newsgroups only ... "derik" <d_prid@yahoo.com> wrote in message news:034e01c34cb4$d3e4fe50$a601280a@phx.gbl... > Running IIS 5.0 on XP > > I originally installed a self-signed certificate (signed > via OpenSSL since Certificate Services doesn't appear to > be available to pro XP.) > > When I tried viewing the site using https with IE running > on the server itself, got a message telling me the CA > wasn't trusted, clicked through, and got to the web page > perfectly. > > When I tried accessing from a test computer, the broswers > (Mozilla, Netscape, and IE) all time out. ("There was no > response. The server could be down or is not > responding. ") > > The server log shows the requests from the browser > running on the server. Served up on port 443 beautifully. > No entries show up in the log from the test browsers > trying to connect via https (though they do show up in > the logs if i try regular http.) > > I ran SSL Diagnostics, and the only error was: > Verifying server certificate, it might take a while... > #WARNING:Error 0x800b0109 : A certificate chain > processed, but terminated in a root certificate which is > not trusted by the trust provider > #WARNING:Error 0x80092013 > > I didn't think this was causing the problem, but I > removed the certificate and tried a trial certificate > from VeriSign. (They use a weird demo CA that you have to > add to your browser.) Without adding the weird CA to an > IE browswer running on the server, I click through > warnings and get to the web page. After adding the weird > CA to the test computer's browser, I get the same "no > response" error. (The trial VeriSign certificate also > gives me the same SSL Diagnostics error.) > > Following some of the knowledge base articles, I used > netstat to verify the server is listening on 443. I also > used tracert to check the path from the server to the > test machine. I'm at xx.xx.2.113, and its at xx.xx.0.118, > with only xx.xx.0.1 intervening. Even though telneting to > the xx.xx.0.1 on port 443 as instructed in the kb article > failed, it also failed on port 80, and i know I can see > regular http addresses on the server from the client. > Furthermore, both client and server can see https sites > elsewhere, leading me to think there isn't a firewall > somewhere blocking port 443. > > I don't think the certificate is the problem, so it must > be a setting somewhere, since i can see http sites on the > server using the test machine, just not https. But, the > fact that the test machine requests don't even show up in > the logs makes me think otherwise. > > anyone have any ideas?? I apologize for posting this > problem again, but I've tried a few new things and have > run out of ideas. > > -Derik
- Next message: Jason Short: "Re: URLSCAN.INI 0 Bytes in length"
- Previous message: Bernard: "Re: does IIS log record any attempt to contact?"
- In reply to: derik: "SSL - long, interesting question- I'm completely frustrated"
- Next in thread: derik: "Re: SSL - long, interesting question- I'm completely frustrated"
- Reply: derik: "Re: SSL - long, interesting question- I'm completely frustrated"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
