SSL Problems

I have a IIS server (windows 2003 SP2) and a Certificate authority server on
a different server (also w2k3 sp2)... On the IIS server I created a site
(the server has 2 static ip's) that is on the main IP which is 10.10.1.12
then entered 443 as the SSL port and changed the default listening port to
10.10.1.12... I went to the directory security settings and set up a
computer certificate for the servers netbios name in the domain... that
seemed to set up ok, i can click view certificate and see it just fine...
and turned on anonymous authentication... all seems fine so far... if I go
to HTTP://{servers netbiosname} the site shows up fine! if I go to
HTTPS://{servers netbiosname} just a long pause then a error message and no
site... just sits forever on "waiting for https://{servers netbiosname}"
then "The connection was interrupted - The connection to {servers
netbiosname} was interrupted while the page was loading." error message in
firefox... in IE it just shows nothing at all... I can telnet into the
server on the ssl port fine and get a connection... just like i can on port
80... any idea what is going on here?

Smokey
Mon May 05 22:22:55 CDT 2008

Some more info to this...

just ran SSLDiag and it told me "You have a private key that corresponds to
this certificate but CryptAcquireCertificatePrivateKey failed"... said to
reimport the cert... I did that and no help there... same error I checked
the cert in the MMC Certificates window and it says it has a private key for
the server's cert... so im stumped... tried adding "system" user's account
to the C:\Documents and Settings\All Users\Application
Data\Microsoft\Crypto\RSA\MachineKeys folder with full permissions to see if
that was it and still have the error... im stumped... anyone know where to
look? thanks



"Smokey Grindel" <junker1@vospect.com> wrote in message
news:eMTIFXyrIHA.5724@TK2MSFTNGP06.phx.gbl...
>I have a IIS server (windows 2003 SP2) and a Certificate authority server
>on a different server (also w2k3 sp2)... On the IIS server I created a site
>(the server has 2 static ip's) that is on the main IP which is 10.10.1.12
>then entered 443 as the SSL port and changed the default listening port to
>10.10.1.12... I went to the directory security settings and set up a
>computer certificate for the servers netbios name in the domain... that
>seemed to set up ok, i can click view certificate and see it just fine...
>and turned on anonymous authentication... all seems fine so far... if I go
>to HTTP://{servers netbiosname} the site shows up fine! if I go to
>HTTPS://{servers netbiosname} just a long pause then a error message and no
>site... just sits forever on "waiting for https://{servers netbiosname}"
>then "The connection was interrupted - The connection to {servers
>netbiosname} was interrupted while the page was loading." error message in
>firefox... in IE it just shows nothing at all... I can telnet into the
>server on the ssl port fine and get a connection... just like i can on port
>80... any idea what is going on here?
>

David
Mon May 05 22:27:24 CDT 2008

On May 5, 8:03=A0pm, "Smokey Grindel" <junk...@vospect.com> wrote:
> I have a IIS server (windows 2003 SP2) and a Certificate authority server =
on
> a different server (also w2k3 sp2)... On the IIS server I created a site
> (the server has 2 static ip's) that is on the main IP which is 10.10.1.12
> then entered 443 as the SSL port and changed the default listening port to=

> 10.10.1.12... I went to the directory security settings and set up a
> computer certificate for the servers netbios name in the domain... that
> seemed to set up ok, i can click view certificate and see it just fine...
> and turned on anonymous authentication... all seems fine so far... if I go=

> to HTTP://{servers netbiosname} the site shows up fine! if I go to
> HTTPS://{servers netbiosname} just a long pause then a error message and n=
o
> site... just sits forever on "waiting for https://{servers netbiosname}"
> then "The connection was interrupted - The connection to {servers
> netbiosname} was interrupted while the page was loading." error message in=

> firefox... in IE it just shows nothing at all... I can telnet into the
> server on the ssl port fine and get a connection... just like i can on por=
t
> 80... any idea what is going on here?


Does https://10.10.1.12 work?

If it does, then it's a network name-resolution issue outside of IIS.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//

Smokey
Tue May 06 12:17:38 CDT 2008

figured it out today... after i added the system account as a full access
users to the machinekeys folder i had to restart the HTTPSSL service and
after that it worked fine... everywhere else just said reset the WWW
service... which didnt fix the problem

"David Wang" <w3.4you@gmail.com> wrote in message
news:93ba849a-261f-4bff-b769-bcedcc53f0cc@l17g2000pri.googlegroups.com...
On May 5, 8:03 pm, "Smokey Grindel" <junk...@vospect.com> wrote:
> I have a IIS server (windows 2003 SP2) and a Certificate authority server
> on
> a different server (also w2k3 sp2)... On the IIS server I created a site
> (the server has 2 static ip's) that is on the main IP which is 10.10.1.12
> then entered 443 as the SSL port and changed the default listening port to
> 10.10.1.12... I went to the directory security settings and set up a
> computer certificate for the servers netbios name in the domain... that
> seemed to set up ok, i can click view certificate and see it just fine...
> and turned on anonymous authentication... all seems fine so far... if I go
> to HTTP://{servers netbiosname} the site shows up fine! if I go to
> HTTPS://{servers netbiosname} just a long pause then a error message and
> no
> site... just sits forever on "waiting for https://{servers netbiosname}"
> then "The connection was interrupted - The connection to {servers
> netbiosname} was interrupted while the page was loading." error message in
> firefox... in IE it just shows nothing at all... I can telnet into the
> server on the ssl port fine and get a connection... just like i can on
> port
> 80... any idea what is going on here?


Does https://10.10.1.12 work?

If it does, then it's a network name-resolution issue outside of IIS.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//