I am setting up IIS 7.0 on a Windows Vista box. I am using self-signed certificate (by using built-in Create Self-Signed Certificate feature of IIS 7.0) on a web site. The I can browse from the local machine (the machine with IIS and web site) for the https address, for example, https://machinename/test.html, it works.
But when I browse another machine, using the same url, https://machinename/test.html, it does not work (browsers shows cannot connect error message). when browse from another machine using http, e.g. http://machinename/test.html, it works. Any ideas what is wrong? Any limitation of self-signed certificate from another machine?
thanks in advance,
George
Verify that SSL port 443 is allowed by the system's firewall.
Related
How to setup a self-signed certificate for iis but without a hostname.
I'm building a website for enterprise, it's a local lan website, But Since I want to use identity server for SSO, I need to bind the site to https.
I've created a self-signed certificate, and bind to the website, But when I browse to this site, all the browsers said this site is not secure, so the identity server didn't work.
After searching a lot on the web, it seems the site need a hostname to make the certificate work. But it's an enterprise internal website, I don't think it can be bound to a hostname.
I don't know how to make https work normally. please help!!!
I have a web role which is configured for 2 endpoints, one http, one https 443:
Then I have 3 certs (one is the main and 2 are CA). I have uploaded all of these and also checked thumbprints are correct.
But when I deploy, the http site works fine but the https site does not. Fiddler shows:
Authentication failed because the remote party has closed the
transport stream
Any ideas?
Note: Also worth noting this https works fine when on local machine through Visual Studio and only reports the certificate error, which is expected.
First, open the portal and enable RDP to the instances, then connect to the role instance, open IIS, and verify the HTTPS binding is configured properly. Try accessing the site using https locally from the server and verify it works.
Report with the findings.
Our current site is on IIS 6.0 with an EV SSL certificate from GoDaddy (I know - bad choice).
I'm currently in the process of migrating to a new server with IIS 7.5. I need to keep the same host name so when the switchover is ready I just want to re-IP the servers.
If I export the SSL from IIS 6.0 and import it on the IIS 7.5 server, will this disable the certificate on the IIS 6? Ideally I'd like to copy the certificate to the new box and then through my hosts file pointing to the new server complete my testing and migration.
GoDaddy support's e-mail response to this, while surprisingly thorough, wasn't clear on that point. They also suggested that after the certificate was moved to the new server to re-key through their site.
Exporting your SSL certificate does not disable your certificate. It just makes a backup copy of it. You should be able to export your certificate from your old server and then import it into your new server with no problem.
If you modify your hosts, as you mentioned, it should let you test your certificate as working.
I configured the Default website in IIS for SSL by creating a CSR using the IIS itself, submitted it to a CA, and assigned the issued certificate as the server certificate. That's all is required in this world to setup server SSL. But when I open the https url it says "Internet Explorer cannot display the webpage". Which pillar should I bang my head against to get it working? The only help from microsoft I could find is that useless arcicle http://support.microsoft.com/?id=290391 that presupposes you are configuring a non-default website for SSL and goes on and on about port conflict. I'm using default website for https.
I'm using windows xp, IIS 5.1 and Microsoft Management Console 3.0.
Please help or courier me a shotgun for shooting myself.
Edit: After I configured IIS for SSL, the Apache Tomcat server which had been configured on port 8080 has suddenly stopped working. The 8080 urls just timeout. What is the connection?
Edit: Because I can't live without Tomcat on my machine, I used another machine to setup IIS SSL after stopping the tomcat there. I face the same problem there, "Internet Explorer cannot display the webpage". Please help before I shoot myself.
Don't shoot!
XP has given me fits with SSL... have you tried setting the application pool to high/isolated setting up the website with an identity under COM?
That seemed to solve some issues for me.
Also - did you make sure to set it up in the correct stores? Is this an application that is running under your account or a service account? If it is a service account you may need to do a RUN AS on the certificate management console and add under that user's personal store as well as under the appropriate store for the machine/computer.
Good luck.
Is there a way to programaticaly install a ssl cert for iis 6 and 7?
Yeah try IIS 6.0 Resource Kit Tools:
http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&displaylang=en
It includes a tool called: IISCertDeploy.vbs. This is a tool for deploying and for backing up SSL certificates on servers that run IIS 6.0. You can use IISCertDeploy.vbs to deploy the certificate to a local server, to a cluster of servers, or to a remote server. You can also use IISCertDeploy.vbs to back up a certificate by exporting the certificate from a Web site to a Personal Information Exchange (.pfx) file that contains both the private key and the public key.