Re: Can't get SSL to work locally

From: Jerry Pisk (jerryiii_at_hotmail.com)
Date: 06/28/04

    Date: Sun, 27 Jun 2004 19:31:05 -0700
    
    

    David, how does IIS know whether your site is a testing/private site or a
    real site? It's a matter of trust, not functionality. IIS works with any
    certificate the same way (as long as IIS can trust it); it doesn't care
    whether the client will or not. And even with a certificate that's not
    trusted, SSL will still work; the traffic will be encrypted. The problem
    with certificates that can't be trusted is not that SSL wouldn't work. It's
    that you don't know who you're talking to; you can't trust the information
    in the certificate (such as the subject).

    Jerry

    "David Wang [Msft]" <someone@online.microsoft.com> wrote in message
    news:utLhrkJXEHA.1356@TK2MSFTNGP09.phx.gbl...
    > SelfSSL is the easiest way to enable SSL for your server (only works for
    > testing/private use -- real SSL sites still need to buy their own cert)
    >
    > http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&DisplayLang=en
    >
    >
    > SSLDiag is the easiest way to check for why SSL is not working on IIS.
    >
    > http://microsoft.com/downloads/details.aspx?FamilyID=cabea1d0-5a10-41bc-83d4-06c814265282&DisplayLang=en
    >
    > --
    > //David
    > IIS
    > This posting is provided "AS IS" with no warranties, and confers no
    > rights.
    > //
    > "Mark Rae" <mark@mark-N-O-S-P-A-M-rae.co.uk> wrote in message
    > news:eDiUoPEXEHA.4000@TK2MSFTNGP09.phx.gbl...
    > Hi,
    >
    > I've recently acquired an SSL certificate on my live web site which I
    > maintain and develop in C# / ASP.NET with VS.NET 2003. That means I can use
    > https://www.markrae.co.uk just as well as http://www.markrae.co.uk.
    > Therefore, I need to be able to simulate this on my development machine.
    >
    > I followed the MSKB article How To Set Up Client Certificates
    > (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/html/secmod31.asp)
    > to the letter, and am now experiencing the following
    > behaviour on my development machine:
    >
    > 1) If I browse to http://localhost/markrae, all is fine
    >
    > 2) If I browse to https://localhost/markrae, IIS pops the standard Security
    > Alert message (which I'd expect), saying that the Security Certificate was
    > issued by a company I have not chosen to trust etc. So I click Yes, and then
    > I get "Cannot find server or DNS Error", as if the site I'm trying to browse
    > to isn't there.
    >
    > I'm running Windows XP Pro with all the latest security patches.
    >
    > If I open MMC, expand Internet Information Services and right click on
    > Properties, C:\WINDOWS\System32\inetsrv\sspifilt.dll is showing as being
    > installed.
    >
    > If I right click on Default Web Site and select Properties, the IP address
    > is set to (All Unassigned), the TCP port is 80 and the SSL port is 443 (not
    > dimmed).
    >
    > If I run netstat -an from a command prompt, it has a Local Address entry
    > for 0.0.0.0:443
    >
    > I'm clearly missing something glaringly obvious here...
    >
    > Any assistance gratefully received.
    >
    > Regards,
    >
    > Mark Rae
    >
    >
    >
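
The distinction drawn in the reply above, between a channel that is encrypted and a peer that is authenticated, shown as an added example that is not part of the original thread. It uses Go's standard library and the self-signed test certificate shipped with net/http/httptest rather than IIS or SelfSSL; the names result, attempt and demo are chosen for this illustration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// result records what one client learned from a connection attempt.
type result struct {
	Cipher   string // negotiated cipher suite; empty if the client refused the handshake
	Subject  string // subject the server's certificate claims
	Verified bool   // true only if the chain validated against a trust anchor
}

// attempt dials addr with cfg and reports what the TLS layer negotiated.
func attempt(addr string, cfg *tls.Config) result {
	conn, err := tls.Dial("tcp", addr, cfg)
	if err != nil {
		return result{} // typically "x509: certificate signed by unknown authority"
	}
	defer conn.Close()
	st := conn.ConnectionState()
	return result{
		Cipher:   tls.CipherSuiteName(st.CipherSuite),
		Subject:  st.PeerCertificates[0].Subject.String(),
		Verified: len(st.VerifiedChains) > 0,
	}
}

// demo connects three ways to a local server that presents a self-signed certificate.
func demo() (strict, blind, trusted result) {
	// httptest supplies Go's built-in self-signed test certificate (valid for 127.0.0.1).
	srv := httptest.NewTLSServer(http.NotFoundHandler())
	defer srv.Close()
	addr := srv.Listener.Addr().String()
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate()) // the client explicitly chooses to trust this certificate

	strict = attempt(addr, &tls.Config{})                        // system trust store only
	blind = attempt(addr, &tls.Config{InsecureSkipVerify: true}) // like clicking Yes on the alert
	trusted = attempt(addr, &tls.Config{RootCAs: pool})          // certificate added as an anchor
	return
}

func main() { fmt.Println(demo()) }
```

The blind connection negotiates a cipher suite just like the trusted one, but its Subject is only what the peer claims; nothing has checked it.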

