Re: HTTPS

From: Miha Pihler (mihap-news_at_atlantis.si)
Date: 08/04/04


Date: Wed, 4 Aug 2004 21:19:35 +0200

Hi Steve,

if you use IIS Wizard it will place certificate in Local Store instead of
you. If the certificate wasn't there you couldn't assign it...

I also used certificate from my own CA server...

Can you try this on IIS server itself.

open IE and in URL enter https://localhost/ ... Do you get the error or?

Mike

"Steve" <trmfp@yahoo.com> wrote in message
news:022f01c47a56$968f5b10$a401280a@phx.gbl...
> OK, I have imported the certificate into the local store
> and am still having the problem even after resetting the
> IIS Services. I read several articles on how to setup
> SSL and none of them had anything on the Local
> Certificate Store, only the IIS Wizard method. Is that
> normally necessary?
>
> Why is my certificate different than yours? Is it
> because you purchased one from a Certificate Authority
> and I have published my own?
>
> Thx,
>
> Steve
> >-----Original Message-----
> >Steve and Mark,
> >
> >what CA did you use to issue this certificates? Your
> internal -- Microsoft
> >CA services that comes with Windows or ... ?
> >
> >How do you have IP setup? Any unassigned or? Is this
> only web site on this
> >server? If not, can you stop any other site and restart
> IIS. Make sure that
> >only Default Web Site is running.
> >
> >Can you go over this Microsoft article?
> >
> >HOW TO: Install Imported Certificates on a Web Server in
> Windows Server 2003
> >http://support.microsoft.com/default.aspx?scid=kb;en-
> us;816794&Product=iis60
> >
> >Mike
> >
> >"Steve" <trmfp@nospam.yahoo.com> wrote in message
> >news:006e01c47a42$19339e60$a401280a@phx.gbl...
> >> The bottom part is correct, however the top reads as
> >> follows:
> >>
> >> This certificate is inteded for te following purpose
> >> All Issuance Policies
> >> All Application Polices
> >>
> >> Thanks,
> >>
> >> Steve
> >> >-----Original Message-----
> >> >Hi,
> >> >
> >> >can you check your certificate and see if it has these
> >> two properties set.
> >> >Compare it to example that I posted here...
> >> >http://freeweb.siol.net/mpihler/cert.jpg
> >> >
> >> >You can view your certificate if you open your Default
> >> Web Site ->
> >> >Properties -> Directory Security -> View Certificate.
> >> >
> >> >Mike
> >> >
> >> >"Steve" <trmfp@yahoo.com> wrote in message
> >> >news:c33301c47a3b$21a028e0$a301280a@phx.gbl...
> >> >> OK, here is what I get when trying to telnet:
> >> >>
> >> >> I type in either telnet servername 443 or telnet
> >> x.x.x.x
> >> >> 443 and press enter, I get a blank black screen.
> >> >>
> >> >> If I press Ctrl + ] then it gives me a microsoft
> telnet
> >> >> prompt
> >> >>
> >> >> I am assuming that I am connected at that point?
> >> >>
> >> >> Don't know what this extra step is about.
> >> >>
> >> >> Anyway, it looks like I can see it now, but I still
> >> can't
> >> >> access my web pages via https://
> >> >>
> >> >> Should I use the host name or servername in my
> >> >> certificate?
> >> >>
> >> >> Steve
> >> >> >-----Original Message-----
> >> >> >Hi Steve,
> >> >> >
> >> >> >no this is not normal -- either web service is not
> >> >> running or access to this
> >> >> >TCP port if filtered (e.g. on firewall). Try to
> >> connect
> >> >> from the server
> >> >> >itself e.g.
> >> >> >
> >> >> >telnet localhost 443
> >> >> >
> >> >> >and
> >> >> >
> >> >> >telnet 10.10.10.10 443
> >> >> >
> >> >> >(replace 10.10.10.10 with real server's IP). Does
> this
> >> >> work? If it does,
> >> >> >check firewall configuration again. If it doesn't
> >> check
> >> >> IIS configuration
> >> >> >and restart IIS service...
> >> >> >
> >> >> >Mike
> >> >> >
> >> >> >"Steve" <trmfp@nospam.yahoo.com> wrote in message
> >> >> >news:c2d601c47a38$8362e430$a301280a@phx.gbl...
> >> >> >> Thanks for the quick reply, Mike. I do have the
> >> port
> >> >> >> defined as 443 in IIS. When I try to telnet, it
> >> just
> >> >> >> sits there and says connecting to
> servername.......
> >> >> >>
> >> >> >> Maybe I have done something wrong in the
> certificate
> >> >> >> creation. As I stated before it is
> >> >> >> servername.publicdomainname.com
> >> >> >>
> >> >> >> Should it be hostname.publicdomainname.com? By
> >> >> hostname
> >> >> >> I mean the header such as email or www or etc.
> >> >> >>
> >> >> >> I do have Port 443 Open to this server in my
> >> firewall,
> >> >> >> but I also tried telnet to the IP address of the
> >> server
> >> >> >> and the port number and it still just said
> >> connecting.
> >> >> >> Or is that normal.
> >> >> >>
> >> >> >> Steve
> >> >> >>
> >> >> >>
> >> >> >> >-----Original Message-----
> >> >> >> >Hi Steve,
> >> >> >> >
> >> >> >> >if you check Default Site properties is SSL port
> >> >> >> defined? It should be 443?
> >> >> >> >
> >> >> >> >Can you telnet to
> servername.publicdomainname.com
> >> on
> >> >> >> port 443?
> >> >> >> >
> >> >> >> >telnet servername.publicdomainname.com 443
> >> >> >> >
> >> >> >> >I hope this helps,
> >> >> >> >
> >> >> >> >Mike
> >> >> >> >
> >> >> >> >"Steve" <trmfp@nospam.yahoo.com> wrote in
> message
> >> >> >> >news:c32a01c47a31$51ea9210$a401280a@phx.gbl...
> >> >> >> >> I am attempting to setup my Exchange Server's
> >> >> Default
> >> >> >> >> Website with HTTPS instead of HTTP. I have
> >> >> installed
> >> >> >> >> certificate services, created and installed
> the
> >> >> >> >> certificate in this format:
> >> >> >> >>
> >> >> >> >> servername.publicdomainname.com
> >> >> >> >>
> >> >> >> >> I have turned on the "require ssl" in IIS
> >> >> >> >>
> >> >> >> >> But, when I try to open the site either
> >> internally
> >> >> >> using
> >> >> >> >> the server's IP address or externally using
> the
> >> >> public
> >> >> >> >> domain name (i.e. www.publicdomainname.com) I
> >> get a
> >> >> >> page
> >> >> >> >> cannot be displayed error message.
> >> >> >> >>
> >> >> >> >> If it type in the old http: then it tells me
> to
> >> try
> >> >> >> using
> >> >> >> >> https: so I know that it sees the option is
> >> turned
> >> >> on.
> >> >> >> >>
> >> >> >> >> Running Server 2003 Standard with Exchange
> Server
> >> >> 2003.
> >> >> >> >> I am trying to get this setup so that I can
> have
> >> >> RPC or
> >> >> >> >> http and also activesync directly work with
> the
> >> >> server.
> >> >> >> >>
> >> >> >> >> Any help is appreciated,
> >> >> >> >>
> >> >> >> >> Thanks,
> >> >> >> >>
> >> >> >> >> Steve
> >> >> >> >
> >> >> >> >
> >> >> >> >.
> >> >> >> >
> >> >> >
> >> >> >
> >> >> >.
> >> >> >
> >> >
> >> >
> >> >.
> >> >
> >
> >
> >.
> >