Re: SSL & "All Unassigned"
From: Desmond Lam (deslam_at_online.microsoft.com)
Date: 03/17/04
Date: Wed, 17 Mar 2004 11:26:20 +0800
The "Cannot find server" or "DNS error" browser error messages are symptoms
of several different problems.
- Was the Web server certificate part of an export or import process?
There is a known problem during the import process in which the wrong
cryptographic service provider (CSP) is chosen. You may also see an Schannel
Event ID: 36871 message. For additional information, click the article
number below to view the article in the Microsoft Knowledge Base:
KBLink:261655.KB.EN-US: Cannot Make an SSL Connection After Exporting and
Importing an Server Certificate
- Is the Web Server running Windows 2000, and has the Web server certificate
been recently renewed? The usual renewal process involves sending a renewal
request to the Web server certificate issuer (that is, a Certificate
Authority such as VeriSign, Netscape, or Microsoft.) A fix has been
developed that ensures that a standard PKCS10-formatted renewal request is
created. For more information, see the following Knowledge Base article:
KBLink:262979.KB.EN-US: Cannot Renew Verisign Certificates in IIS 5.0
- Is the Sspifilt.dll file loaded on the IIS master properties ISAPI Filter
tab? If not, add the Sspifilt.dll name and the
\Winnt\System32\Inetsrv\Sspifilt.dll execution path to the IIS master
properties ISAPI Filter tab.
- Were any changes made to the IIS computer or Web site while a certificate
request was pending? (For example, a certificate request was generated and
sent to VeriSign. Before the certificate was installed, a service pack was
applied, the high encryption pack was installed, or the Web site bindings
were changed.) If so, you must generate a new certificate request. It is
important that you do not change anything while a certificate request is
pending.
- Does the Web site have a secure identity? To confirm this, follow these
steps:
1. Make sure that the Web site is bound to a secure port.
a. From the Microsoft Management Console (MMC), right-click the Web
site and click Properties.
b. On the Web Site tab, note the IP address (this may be All
Unassigned) and SSL port. NOTE: If the SSL port is blank, type "443"
(without the quotation marks) and restart the IIS service. If
the port is dimmed, a server certificate has not been successfully
installed. For more information, see the following Knowledge
Base article: KBLink:228836.KB.EN-US: Installing a New Certificate with
Certificate Wizard for Use in SSL/TLS
2. Confirm that the Web site is correctly bound to the network card.
a. From a command prompt, type "netstat -an" (without the quotation
marks).
b. If the Web site was bound to the All Unassigned IP address and SSL
port 443, verify that the Local Address entry is 0.0.0.0:443.
If the Web site was bound to a specific IP address (for example,
172.26.207.120) and SSL port 443, verify that the Local Address entry is
<IPaddress>:443 (for example, 172.26.207.120:443).
Hope it helps,
Desmond
"enderlet" <anonymous@discussions.microsoft.com> wrote in message
news:FDF7B792-75F3-4281-A4D2-30E7A0665249@microsoft.com...
> Looking for answers (as we already identified the workaround).
>
> Configuration:
>
> Multiple sites on same box, each with individual IP. Site #1 set to "All
> Unassigned", Sites #2...#n with specified IPs and all having separate SSL
> certs installed. Today we are asked to enable SSL on a given directory on
> Site #1. Key is generated, certificate is acquired and installed, SSL set
> to port 443.
>
> Problem:
>
> Hit page within site #1 (that is in a secured directory) using HTTP and
> you get expected msg that SSL required. Hit same page using HTTPS and get
> "site not found or dns error" Remove SSL and page is served just fine.
>
> Workaround:
>
> Change site #1 from "All Unassigned" to its IP and all is well.
>
>
> Question:
>
> WHY?????? Cert is bound to the URL and not the IP, we're wondering is
> this a quirk of IIS 5 that you can't secure a site without changing to
> specific IP?
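
The netstat check from step 2 of the reply, as an added example that is not part of the original messages: it parses saved "netstat -an" output and reports whether the Local Address expected for the site's binding (0.0.0.0 for All Unassigned, otherwise the site's IP) is actually listening on the SSL port. The function names and the sample output are constructed for illustration.

```python
import re

# Constructed sample of Windows "netstat -an" output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    172.26.207.120:443     0.0.0.0:0              LISTENING
  TCP    172.26.207.121:443     10.0.0.5:1234          ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

# Only TCP rows in the LISTENING state describe a bound server socket.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")


def listeners(netstat_text, port):
    """Return the set of local addresses with a TCP listener on `port`."""
    found = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m and int(m.group(2)) == port:
            found.add(m.group(1))
    return found


def check_binding(netstat_text, site_ip=None, port=443):
    """Compare the site's binding with what netstat shows.

    site_ip=None means the site is set to All Unassigned, so the
    expected Local Address is 0.0.0.0:<port>.
    """
    expected = site_ip or "0.0.0.0"
    found = listeners(netstat_text, port)
    if expected in found:
        return "ok", f"{expected}:{port} is listening"
    if found:
        others = ", ".join(sorted(f"{a}:{port}" for a in found))
        return "mismatch", f"expected {expected}:{port}, found only {others}"
    return "missing", f"nothing is listening on port {port}"


if __name__ == "__main__":
    print(check_binding(SAMPLE))                    # site set to All Unassigned
    print(check_binding(SAMPLE, "172.26.207.120"))  # site bound to a specific IP
```

Save the server's output with `netstat -an > netstat.txt` and pass the file contents in place of `SAMPLE`.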