Re: Can't get SSL to work locally
From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 06/28/04
- Next message: Finnie B.: "Disable Printing from the internet"
- Previous message: AndyMac: "Re: Russian IIS hack? Malicious Javascript code"
- In reply to: Jerry Pisk: "Re: Can't get SSL to work locally"
- Next in thread: Mark Rae: "Re: Can't get SSL to work locally"
- Reply: Mark Rae: "Re: Can't get SSL to work locally"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 28 Jun 2004 03:15:55 -0700
Don't worry, you're preaching to the choir here.
SelfSSL just lowers the bar to enabling SSL on IIS (many people mistake
needing Certificate Server or is just not possible "for free" with IIS). It
does not attempt to address the issue of trust.
I'm just trying to explain to the user in more pragmatic terms. I do not
want them to think that they get SSL "for free" and can go host a securable
ecommerce site with SelfSSL and get disappointed. Most users really cannot
distinguish encryption and trust when it comes to SSL, and I do not want it
to be a barrier to understanding.
-- //David IIS This posting is provided "AS IS" with no warranties, and confers no rights. // "Jerry Pisk" <jerryiii@hotmail.com> wrote in message news:ediIwfLXEHA.3420@TK2MSFTNGP12.phx.gbl... David, how does IIS know whether your site is a testing/private site or a real site? It's a matter of trust, not functionality. IIS works with any certificate the same way (as long as IIS can trust it), it doesn't care whether the client will or not. And even with a certificate that's not trusted, SSL will still work, the traffic will be encrypted. The problem with certificates that can't be trusted is not that SSL wouldn't work. It's that you don't know who you're talking to, you can't trust the information in the certificate (such as the subject). Jerry "David Wang [Msft]" <someone@online.microsoft.com> wrote in message news:utLhrkJXEHA.1356@TK2MSFTNGP09.phx.gbl... > SelfSSL is the easiest way to enable SSL for your server (only works for > testing/private use -- real SSL sites still need to buy their own cert) > > http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&DisplayLang=en > > > SSLDiag is the easiest way to check for why SSL is not working on IIS. > > http://microsoft.com/downloads/details.aspx?FamilyID=cabea1d0-5a10-41bc-83d4-06c814265282&DisplayLang=en > > -- > //David > IIS > This posting is provided "AS IS" with no warranties, and confers no > rights. > // > "Mark Rae" <mark@mark-N-O-S-P-A-M-rae.co.uk> wrote in message > news:eDiUoPEXEHA.4000@TK2MSFTNGP09.phx.gbl... > Hi, > > I've recently acquired an SSL certificate on my live web site which I > maintain and develop in C# / ASP.NET with VS.NET 2003. That means I can > use > https://www.markrae.co.uk just as well as http://www.markrae.co.uk. > Therefore, I need to be able to simulate this on my development machine. > > I followed the MSKB article How To Set Up Client Certificates > (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/htm > l/secmod31.asp) to the letter, and am now experiencing the following > behaviour on my development machine: > > 1) If I browse to http://localhost/markrae, all is fine > > 2) If I browse to https://localhost/markrae, IIS pops the standard > Security > Alert message (which I'd expect), saying that the Security Certificate was > issued by a company I have not chosen to trust etc. So I click Yes, and > then > I get "Cannot find server or DNS Error", as if the site I'm trying to > browse > to isn't there. > > I'm running Windows XP Pro with all the latest security patches. > > If I open MMC, expand Internet Information Services and right click on > Properties, C:\WINDOWS\System32\inetsrv\sspifilt.dll is showing as being > installed. > > If I right click on Default Web Site and select Properties, the IP address > is set to (All Unassigned), the TCP port is 80 and the SSL port is 443 > (not > dimmed). > > If I run netstat -an from a command prompt, it has a Local Address entry > for 0.0.0.0:443 > > I'm clearly missing something glaringly obvious here... > > Any assistance gratefully received. > > Regards, > > Mark Rae > > >
- Next message: Finnie B.: "Disable Printing from the internet"
- Previous message: AndyMac: "Re: Russian IIS hack? Malicious Javascript code"
- In reply to: Jerry Pisk: "Re: Can't get SSL to work locally"
- Next in thread: Mark Rae: "Re: Can't get SSL to work locally"
- Reply: Mark Rae: "Re: Can't get SSL to work locally"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
Loading
