Can't get SSL to work locally

From: Mark Rae (mark_at_mark-N-O-S-P-A-M-rae.co.uk)
Date: 06/27/04 

Date: Sun, 27 Jun 2004 13:40:10 +0100

Hi,

I've recently acquired an SSL certificate on my live web site which I
maintain and develop in C# / ASP.NET with VS.NET 2003. That means I can use
https://www.markrae.co.uk just as well as http://www.markrae.co.uk.
Therefore, I need to be able to simulate this on my development machine.

I followed the MSKB article How To Set Up Client Certificates
(http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/htm
l/secmod31.asp) to the letter, and am now experiencing the following
behaviour on my development machine:

1) If I browse to http://localhost/markrae, all is fine

2) If I browse to https://localhost/markrae, IIS pops the standard Security
Alert message (which I'd expect), saying that the Security Certificate was
issued by a company I have not chosen to trust etc. So I click Yes, and then
I get "Cannot find server or DNS Error", as if the site I'm trying to browse
to isn't there.

I'm running Windows XP Pro with all the latest security patches.

If I open MMC, expand Internet Information Services and right click on
Properties, C:\WINDOWS\System32\inetsrv\sspifilt.dll is showing as being
installed.

If I right click on Default Web Site and select Properties, the IP address
is set to (All Unassigned), the TCP port is 80 and the SSL port is 443 (not
dimmed).

If I run netstat -an from a command prompt, it has a Local Address entry
for 0.0.0.0:443

I'm clearly missing something glaringly obvious here...

Any assistance gratefully received.

Regards,

Mark Rae

Relevant Pages

  • [NT] Flaw in Certificate Enrollment Control Could Allow Deletion of Digital Certificates
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Certificate Enrollment Control, the purpose of which is to allow web-based ...
    (Securiteam)
  • Re: Embedding Simple MFC GUI app into website
    ... The problem with security is that so many people say "it doesn't matter". ... particular technology is "evil" goes beyond common sense and increases ... Since you must obtain a certificate for code signing from the trusted ... use it for a general purpose web site as we have all discussed, ...
    (microsoft.public.vc.mfc)
  • Re: Embedding Simple MFC GUI app into website
    ... particular technology is "evil" goes beyond common sense and increases ... ActiveX, in particular, is an antipattern for security. ... Since you must obtain a certificate for code signing from the trusted ... use it for a general purpose web site as we have all discussed, ...
    (microsoft.public.vc.mfc)
  • RE: Publishing Companyweb for external access on SBS2003 R2 With I
    ... would like to show out the recommended steps to publish companyweb. ... To publish companyweb in ISA Server 2004, we can simply run the CEICW ... "Allow access to only the following Web site services from the internet" ... On the "Web Server Certificate" page, choose to create a new Web server ...
    (microsoft.public.windows.server.sbs)
  • RE: Getting rid of a rogue SSl certificate
    ... > Please follow the steps below to check the certificate on ISA. ... > server name, select prop. ... network, firewall, secure Web site, and e-mail. ...
    (microsoft.public.windows.server.sbs)