|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Problems with IIS6 / SSLI recently installed one Windows 2003 Server and after I installed IIS 6. I have 2 web sites configured: one I want to answer to port 80, the other will listen 443. I install a certificate (ok) using the acticle id 816794 as reference. Everything seems ok. Only... SSL do not work! The 80 port works... I have IIS Diagnostics installed and when I run SSL Diagnostics I have the following 2 lines: #WARNING: AcquireCredentialsHandle failed with error -2146893043(0x8009030d) #WARNING:AccessSSL = True (resource inaccessible due to SSL does not work on this website) I've one server installed and configured with Windows 2000 Server + IIS 5 and I do not remember to have these problems. Anyone knows how to solve this problem? Thank's. Pedro L. SSL needs 1 virtual web, 1 IP address and 1 hostname.
If you cannot devote those three items to the cert-enabled site in exclusivity, you can't do SSL. From your description, it sounds like you are trying to share the same IP with two sites, one with SSL. That won't work. Show quoteHide quote "Lajus Norvejikus" <LajusNorveji***@discussions.microsoft.com> wrote in message news:C89DAC9D-F45F-4BB3-AB77-88D1FC4CC63B@microsoft.com... > Hi all, > > I recently installed one Windows 2003 Server and after I installed IIS 6. > I > have 2 web sites configured: one I want to answer to port 80, the other > will > listen 443. I install a certificate (ok) using the acticle id 816794 as > reference. Everything seems ok. Only... SSL do not work! The 80 port > works... > > I have IIS Diagnostics installed and when I run SSL Diagnostics I have the > following 2 lines: > #WARNING: AcquireCredentialsHandle failed with > error -2146893043(0x8009030d) > #WARNING:AccessSSL = True (resource inaccessible due to SSL does not work > on > this website) > > I've one server installed and configured with Windows 2000 Server + IIS 5 > and I do not remember to have these problems. > > Anyone knows how to solve this problem? > Thank's. > Pedro L. I have that configuration in a Windows 2000 / IIS 5 installation! I simply
want to make an upgrade... server, operating system and http server. I don't know if I can have more IP's to dedicate. In the old configuration (Win2K/IIS5), I have one site using http on port 80 and another site using ports 81 (not really used) and 443 for SSL. Everything works perfectly. I don't believe that not exists a solution for this. Any ideas? Pedro L. Show quoteHide quote "Ratatooie" wrote: > > SSL needs 1 virtual web, 1 IP address and 1 hostname. > > If you cannot devote those three items to the cert-enabled site in > exclusivity, you can't do SSL. > > From your description, it sounds like you are trying to share the same IP > with two sites, one with SSL. That won't work. > > "Lajus Norvejikus" <LajusNorveji***@discussions.microsoft.com> wrote in > message news:C89DAC9D-F45F-4BB3-AB77-88D1FC4CC63B@microsoft.com... > > Hi all, > > > > I recently installed one Windows 2003 Server and after I installed IIS 6. > > I > > have 2 web sites configured: one I want to answer to port 80, the other > > will > > listen 443. I install a certificate (ok) using the acticle id 816794 as > > reference. Everything seems ok. Only... SSL do not work! The 80 port > > works... > > > > I have IIS Diagnostics installed and when I run SSL Diagnostics I have the > > following 2 lines: > > #WARNING: AcquireCredentialsHandle failed with > > error -2146893043(0x8009030d) > > #WARNING:AccessSSL = True (resource inaccessible due to SSL does not work > > on > > this website) > > > > I've one server installed and configured with Windows 2000 Server + IIS 5 > > and I do not remember to have these problems. > > > > Anyone knows how to solve this problem? > > Thank's. > > Pedro L. > > > Did you correctly install the Server Certificate with its Private Key.
Especially if you exported this certificate from the old server - remember to export the Private key of the cert. -- Show quoteHide quote//David IIS http://blogs.msdn.com/David.Wang This posting is provided "AS IS" with no warranties, and confers no rights. // "Lajus Norvejikus" <LajusNorveji***@discussions.microsoft.com> wrote in message news:5D6DE713-AA73-4C6F-9EBA-FE2B4CC60175@microsoft.com... >I have that configuration in a Windows 2000 / IIS 5 installation! I simply > want to make an upgrade... server, operating system and http server. I > don't > know if I can have more IP's to dedicate. > > In the old configuration (Win2K/IIS5), I have one site using http on port > 80 > and another site using ports 81 (not really used) and 443 for SSL. > Everything > works perfectly. > > I don't believe that not exists a solution for this. Any ideas? > > Pedro L. > > "Ratatooie" wrote: > >> >> SSL needs 1 virtual web, 1 IP address and 1 hostname. >> >> If you cannot devote those three items to the cert-enabled site in >> exclusivity, you can't do SSL. >> >> From your description, it sounds like you are trying to share the same IP >> with two sites, one with SSL. That won't work. >> >> "Lajus Norvejikus" <LajusNorveji***@discussions.microsoft.com> wrote in >> message news:C89DAC9D-F45F-4BB3-AB77-88D1FC4CC63B@microsoft.com... >> > Hi all, >> > >> > I recently installed one Windows 2003 Server and after I installed IIS >> > 6. >> > I >> > have 2 web sites configured: one I want to answer to port 80, the other >> > will >> > listen 443. I install a certificate (ok) using the acticle id 816794 as >> > reference. Everything seems ok. Only... SSL do not work! The 80 port >> > works... >> > >> > I have IIS Diagnostics installed and when I run SSL Diagnostics I have >> > the >> > following 2 lines: >> > #WARNING: AcquireCredentialsHandle failed with >> > error -2146893043(0x8009030d) >> > #WARNING:AccessSSL = True (resource inaccessible due to SSL does not >> > work >> > on >> > this website) >> > >> > I've one server installed and configured with Windows 2000 Server + IIS >> > 5 >> > and I do not remember to have these problems. >> > >> > Anyone knows how to solve this problem? >> > Thank's. >> > Pedro L. >> >> >> David,
Now it works and using only one IP address! I'm issuing the certificates using Certificate Services from another known Windows domain. This can be done using the Microsoft Certificate Services web forms and, after certification generation, choosing to install it if logged as Administrator. Except the certificate installation, I do everything as article id 816794 explanations in http://support.microsoft.com/default.aspx?scid=kb;en-us;816794. I don't know if the problem was the private key but when I tried to issue the new certificate (that works) I chose the form the "use local machine store" option. Maybe that was the difference but I will look to the 2 certificates to find out the difference. Thank you David. Pedro L. Show quoteHide quote "David Wang [Msft]" wrote: > Did you correctly install the Server Certificate with its Private Key. > Especially if you exported this certificate from the old server - remember > to export the Private key of the cert. > > -- > //David > IIS > http://blogs.msdn.com/David.Wang > This posting is provided "AS IS" with no warranties, and confers no rights. > // > > "Lajus Norvejikus" <LajusNorveji***@discussions.microsoft.com> wrote in > message news:5D6DE713-AA73-4C6F-9EBA-FE2B4CC60175@microsoft.com... > >I have that configuration in a Windows 2000 / IIS 5 installation! I simply > > want to make an upgrade... server, operating system and http server. I > > don't > > know if I can have more IP's to dedicate. > > > > In the old configuration (Win2K/IIS5), I have one site using http on port > > 80 > > and another site using ports 81 (not really used) and 443 for SSL. > > Everything > > works perfectly. > > > > I don't believe that not exists a solution for this. Any ideas? > > > > Pedro L. > > > > "Ratatooie" wrote: > > > >> > >> SSL needs 1 virtual web, 1 IP address and 1 hostname. > >> > >> If you cannot devote those three items to the cert-enabled site in > >> exclusivity, you can't do SSL. > >> > >> From your description, it sounds like you are trying to share the same IP > >> with two sites, one with SSL. That won't work. > >> > >> "Lajus Norvejikus" <LajusNorveji***@discussions.microsoft.com> wrote in > >> message news:C89DAC9D-F45F-4BB3-AB77-88D1FC4CC63B@microsoft.com... > >> > Hi all, > >> > > >> > I recently installed one Windows 2003 Server and after I installed IIS > >> > 6. > >> > I > >> > have 2 web sites configured: one I want to answer to port 80, the other > >> > will > >> > listen 443. I install a certificate (ok) using the acticle id 816794 as > >> > reference. Everything seems ok. Only... SSL do not work! The 80 port > >> > works... > >> > > >> > I have IIS Diagnostics installed and when I run SSL Diagnostics I have > >> > the > >> > following 2 lines: > >> > #WARNING: AcquireCredentialsHandle failed with > >> > error -2146893043(0x8009030d) > >> > #WARNING:AccessSSL = True (resource inaccessible due to SSL does not > >> > work > >> > on > >> > this website) > >> > > >> > I've one server installed and configured with Windows 2000 Server + IIS > >> > 5 > >> > and I do not remember to have these problems. > >> > > >> > Anyone knows how to solve this problem? > >> > Thank's. > >> > Pedro L. > >> > >> > >> > > > There's really nothing mysterious. In order for the server to do SSL, it has
to have a server certificate and it must have the private key. The certificate has to be in "local machine" for IIS to go look it up and use it. Basically, unless you know exactly what you are doing and understand the logic behind the instructions, you need to follow instructions carefully. -- Show quoteHide quote//David IIS http://blogs.msdn.com/David.Wang This posting is provided "AS IS" with no warranties, and confers no rights. // "Lajus Norvejikus" <LajusNorveji***@discussions.microsoft.com> wrote in message news:2A9C3F73-4333-4466-ACC0-F83B0304568A@microsoft.com... > David, > > Now it works and using only one IP address! > > I'm issuing the certificates using Certificate Services from another known > Windows domain. This can be done using the Microsoft Certificate Services > web > forms and, after certification generation, choosing to install it if > logged > as Administrator. Except the certificate installation, I do everything as > article id 816794 explanations in > http://support.microsoft.com/default.aspx?scid=kb;en-us;816794. > > I don't know if the problem was the private key but when I tried to issue > the new certificate (that works) I chose the form the "use local machine > store" option. Maybe that was the difference but I will look to the 2 > certificates to find out the difference. > > Thank you David. > Pedro L. > > "David Wang [Msft]" wrote: > >> Did you correctly install the Server Certificate with its Private Key. >> Especially if you exported this certificate from the old server - >> remember >> to export the Private key of the cert. >> >> -- >> //David >> IIS >> http://blogs.msdn.com/David.Wang >> This posting is provided "AS IS" with no warranties, and confers no >> rights. >> // >> >> "Lajus Norvejikus" <LajusNorveji***@discussions.microsoft.com> wrote in >> message news:5D6DE713-AA73-4C6F-9EBA-FE2B4CC60175@microsoft.com... >> >I have that configuration in a Windows 2000 / IIS 5 installation! I >> >simply >> > want to make an upgrade... server, operating system and http server. I >> > don't >> > know if I can have more IP's to dedicate. >> > >> > In the old configuration (Win2K/IIS5), I have one site using http on >> > port >> > 80 >> > and another site using ports 81 (not really used) and 443 for SSL. >> > Everything >> > works perfectly. >> > >> > I don't believe that not exists a solution for this. Any ideas? >> > >> > Pedro L. >> > >> > "Ratatooie" wrote: >> > >> >> >> >> SSL needs 1 virtual web, 1 IP address and 1 hostname. >> >> >> >> If you cannot devote those three items to the cert-enabled site in >> >> exclusivity, you can't do SSL. >> >> >> >> From your description, it sounds like you are trying to share the same >> >> IP >> >> with two sites, one with SSL. That won't work. >> >> >> >> "Lajus Norvejikus" <LajusNorveji***@discussions.microsoft.com> wrote >> >> in >> >> message news:C89DAC9D-F45F-4BB3-AB77-88D1FC4CC63B@microsoft.com... >> >> > Hi all, >> >> > >> >> > I recently installed one Windows 2003 Server and after I installed >> >> > IIS >> >> > 6. >> >> > I >> >> > have 2 web sites configured: one I want to answer to port 80, the >> >> > other >> >> > will >> >> > listen 443. I install a certificate (ok) using the acticle id 816794 >> >> > as >> >> > reference. Everything seems ok. Only... SSL do not work! The 80 port >> >> > works... >> >> > >> >> > I have IIS Diagnostics installed and when I run SSL Diagnostics I >> >> > have >> >> > the >> >> > following 2 lines: >> >> > #WARNING: AcquireCredentialsHandle failed with >> >> > error -2146893043(0x8009030d) >> >> > #WARNING:AccessSSL = True (resource inaccessible due to SSL does not >> >> > work >> >> > on >> >> > this website) >> >> > >> >> > I've one server installed and configured with Windows 2000 Server + >> >> > IIS >> >> > 5 >> >> > and I do not remember to have these problems. >> >> > >> >> > Anyone knows how to solve this problem? >> >> > Thank's. >> >> > Pedro L. >> >> >> >> >> >> >> >> >> 
Other interesting topics
problem: SSL certificate associated with website in IIS changes upon reboot
Install SSL on Default Website Affects Other websites??? Application Pool timouts. HELP!!! - Our images pulled from other servers IIS6 and Integrated Security problem Locking down FPSE Lock user in website folder Outlook web access IIS suddenly wants login? Getting Server SSL Cert Expiration Info |
|||||||||||||||||||||||
