|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
SSL and IIS 5.0Interesting issue with a site that uses SSL and IIS 5.0. All of a sudden
today, we couldn't browse to the site using SSL. All attempts simply timeout. Nothing in the logs. Take SSL off of the site and it works fine. Certificate is good through September of 2006. I even removed the certificate issued from an external CA, issued one from a test CA that we have, and same results. Aside from reinstalling IIS, does anyone have any suggestions? We've rebooted, turned off virus protection, did packet sniffing, even sprinkled holy beer on the damn thing. Umm... I recommend against reinstallation. It is not clear what data you
gathered supports that drastic action. Since you probably made no system modifications, why would system reinstallation fix any non-system modification? I would first run SSLDiag: http://www.microsoft.com/windowsserver2003/iis/diagnostictools/default.mspx Then, I would check whether the CRL or any other related certificates of your Server's certificate has expired. Browers and Servers validate those details when negotiating SSL (contrary to popular belief, it's not just the client and server certificates involved in SSL...), and problems there can result in Timeout or other non-obvious effects. -- Show quoteHide quote//David IIS http://blogs.msdn.com/David.Wang This posting is provided "AS IS" with no warranties, and confers no rights. // "Ed Sitz" <si***@medjames.com> wrote in message news:OpG2o6wjGHA.4284@TK2MSFTNGP05.phx.gbl... > Interesting issue with a site that uses SSL and IIS 5.0. All of a sudden > today, we couldn't browse to the site using SSL. All attempts simply > timeout. Nothing in the logs. Take SSL off of the site and it works > fine. Certificate is good through September of 2006. I even removed the > certificate issued from an external CA, issued one from a test CA that we > have, and same results. > > Aside from reinstalling IIS, does anyone have any suggestions? We've > rebooted, turned off virus protection, did packet sniffing, even sprinkled > holy beer on the damn thing. > Can you browse http://wwwSITENAME.com:443 ?
It sounds like the port for SSL (443) has been cut off or firewalled or something. (the above test will rule out SSL as the issue or rule in SSL as the issue) Show quoteHide quote "Ed Sitz" <si***@medjames.com> wrote in message news:OpG2o6wjGHA.4284@TK2MSFTNGP05.phx.gbl... > Interesting issue with a site that uses SSL and IIS 5.0. All of a sudden > today, we couldn't browse to the site using SSL. All attempts simply > timeout. Nothing in the logs. Take SSL off of the site and it works > fine. Certificate is good through September of 2006. I even removed the > certificate issued from an external CA, issued one from a test CA that we > have, and same results. > > Aside from reinstalling IIS, does anyone have any suggestions? We've > rebooted, turned off virus protection, did packet sniffing, even sprinkled > holy beer on the damn thing. > 
Other interesting topics
Kerberos error KDC_ERR_BADOPTION
Anyone know about streaming .wmv ? problem downloading exe file on server 2003 iis with sp1 SSL and Load Balanced Servers (Revocation message) Run IIS as admin to write to Active Directory - security risk? SSL using locally generated certificate SSL on an IIS cluster child Folder named system disappears then cant delete its parent test a web service? IIS 6.0 Integrated Security |
|||||||||||||||||||||||
