Re: SSL Problems

From: Toby Herring (therring*_at_*teletrack.com)
Date: 08/02/04 

Date: Mon, 2 Aug 2004 15:14:42 -0400

remove and re-install the certificate.

Chances are, when you installed the certificate, it got bound to the wrong
site. Now that you've deleted that site, you'll have to re-introduce the
certificate to the system so it can be bound to the correct site. 

-- 
Toby Herring
MCDBA, MCSD, MCP+SB
"jm" <anonymous@discussions.microsoft.com> wrote in message
news:989501c478bf$600eb600$a601280a@phx.gbl...
> There was actually 2 sites only.  I deleted the other
> one, and ran ssl diag and no errors came up and STILL
> CANNOT access https:// on my page.  There are no more
> sites on my IIS server except for this one.
>
> What else can I do?
> >-----Original Message-----
> >It looks like you've decided not to use the Default
> site, and created
> >another site under IIS that you're actually attempting
> to use.
> >
> >It looks to me like the Default site was and still is
> set up to use SSL on
> >port 443, and the two sites are fighting over which one
> is actually supposed
> >to be monitoring the IP address.
> >
> >Go into all sites except the one that you're trying to
> secure, and make sure
> >none of them have any SSL settings in place.
> >
> >-- 
> >Toby Herring
> >MCDBA, MCSD, MCP+SB
> >
> >
> >"jm" <anonymous@discussions.microsoft.com> wrote in
> message
> >news:99a901c478b4$b1a5b550$a501280a@phx.gbl...
> >> Hello,
> >>
> >> I am getting page cannot be displayed after installing
> >> ssl certificate, IIS 5.0.  I ran SSL Diag and here is
> >> what I got.  Can anyone help me out?
> >>
> >> ---------------------
> >>
> >> OS: Windows 2000 Service Pack 4
> >> IIS5 - World Wide Web Publishing (W3SVC) service is
> >> installed
> >>
> >> [
> >>
> HKLM\System\CurrentControlSet\Services\InetInfo\Parameters
> >>  ]
> >> CertChainCacheOnlyUrlRetrieval = True(default)
> >> CheckCertRevocation = False(default)
> >> CertChainCheckUsage = False(default)
> >> sspifilt.dll loaded into process 696 (inetinfo.exe)
> >>
> >> [ SChannel Info ]
> >> CacheSize = 10000
> >> Entries = 2
> >> ActiveEntries = 0
> >>
> >> [ W3SVC ]
> >> AccessSSLFlags = 0
> >>
> >> [ W3SVC/1 ]
> >> ServerComment = Default Web Site_old
> >> ServerAutoStart = False
> >> #WARNING:ServerState = Server stopped
> >> SecureBindings = :443:
> >> #WARNING: SSL port (SecureBindings) set but certificate
> >> not installed
> >>
> >> [ W3SVC/1/Root/_vti_bin ]
> >> AccessSSLFlags = 0 (0x0)
> >>
> >> [ W3SVC/3 ]
> >> ServerComment = Intranet
> >> ServerAutoStart = True
> >> ServerState = Server started
> >> #Could not impersonate server account
> >> SSLCertHash = 36 73 4e a3 e5 0f 63 65 53 12 6d 78 72 2e
> >> c8 4a 6c 2e ce 58
> >> SSLStoreName = MY
> >> #CertName = Administrator
> >> #You have a private key that corresponds to this
> >> certificate
> >>
> #ContainerName='37bdad4c2ac4055a829f44edd4500487_2ee45d0b-
> >> 33e9-4db1-8cde-ca7f531ffd59'
> >> #ProvName='Microsoft RSA SChannel Cryptographic
> Provider'
> >> ProvType=PROV_RSA_SCHANNEL KeySpec=AT_KEYEXCHANGE
> >> #Subject: E=administrator@xxx.com, CN=Administrator
> >> #Issuer: E=info@mydomain.com, C=US, S=xx, L=xxx, O=xxx,
> >> OU=xxx, CN=xxx
> >> #Validity: From 8/2/2004 11:39:50 AM To 8/2/2005
> 11:39:50
> >> AM
> >> SecureBindings = :443:
> >> #WARNING: SecureBindings conflicts with other site
> >>
> >> [ W3SVC/3/ROOT ]
> >> AccessSSLFlags = 0 (0x0)
> >>
> >> [ W3SVC/3/ROOT/IISSAMPLES/ExAir/FreqFlyer ]
> >> AccessSSLFlags = 0 (0x0)
> >>
> >> [ W3SVC/3/ROOT/IISSAMPLES/ExAir/BusinessPartners ]
> >> AccessSSLFlags = 0 (0x0)
> >>
> >> [ W3SVC/3/ROOT/IISADMPWD ]
> >> AccessSSLFlags = 0 (0x0)
> >>
> >> [ W3SVC/3/ROOT/Exchange ]
> >> AccessSSLFlags = 0 (0x0)
> >>
> >> [ W3SVC/3/ROOT/Intranet ]
> >> AccessSSLFlags = 0 (0x0)
> >>
> >> [ W3SVC/3/ROOT/Citrix/NFuse17 ]
> >> AccessSSLFlags = 0 (0x0)
> >>
> >> #WARNING:Site 1 and 3 have conflicting SecureBindings
> >
> >
> >.
> >

Relevant Pages

  • RE: SSL MITM not on port 443
    ... Have you ever done what you're trying to do on a "normal" SSL web ... My recommendation would be to set up a web server in your lab ... hopes that the client will accept that certificate. ... SSL MITM not on port 443 ...
    (Pen-Test)
  • Re: OWA 2003 w/ Smart Card Authentication.
    ... Exchange 2003 server via ActivSync. ... the IIS certificate. ... Whether or not authentication will succeed is completely dictated by ... Server's SSL certificate must be configured on root of v-server via ...
    (microsoft.public.exchange.connectivity)
  • Re: OWA 2003 w/ Smart Card Authentication.
    ... Exchange 2003 server via ActivSync. ... the IIS certificate. ... Whether or not authentication will succeed is completely dictated by ... Server's SSL certificate must be configured on root of v-server via ...
    (microsoft.public.exchange.connectivity)
  • Re: "Could not connect to server" error when accessing Outlook 200
    ... Perhaps when you connect via RDP, you have to use SSL. ... The server you are connected to is using a security certificate ... A certificate chain processed, but terminated in a root certificate which is ... Settings on the Advanced tab. ...
    (microsoft.public.outlook.installation)
  • Re: Publish SSL Web Server behind SBS2003
    ... > How to configure a certificate for use with a Web publishing rule in ISA ... > Server 2004 ... > RWW/OWA for SSL encryption. ... Right click the SSL Web Site and click Properties. ...
    (microsoft.public.windows.server.sbs)