Previous Next

• 06-30-2008, 8:05 AM

  sweetleaf Joined on 06-30-2008, 7:52 AM Posts 3

  ISAPI Filters Reply Contact I've recently installed a certificate on my Windows 2003 webserver and I don't seem to be able to get it to work. Http is fine, but if I try and access the site using https I just get 'page cannot be displayed'.  I've looked through the usual MS documents to try and solve the issue and have downloaded the IIS Diag tool.  This reckoned strmfilt.dll was not loaded into lsass.exe and to check and install sspifilt.dll in ISAPI filters. Sspifilt.dll isn't installed in ISAPI filters and I can't find it on the server or on the W2003 CD.  I can't see any reference to it in relation to IIS6 (have found docs re sspifilt and IIS4/5). Does IIS 6 really need sspifilt?  And if so, does anyone know where I can get it from?  I did download one, but IIS didn't like it at all! Thanks

  Tags: SSLiis6ISAPIIis 6.0 SSL Issuesssldiagcertificateiis 6HTTPSSSL Issues

• 06-30-2008, 8:49 AM

  In reply to

  Rovastar Joined on 03-13-2008, 10:00 AM London, UK Posts 594

  Re: ISAPI Filters Reply Contact  sspifilt.dll is a IIS 4 & 5 thing. This dll is for SSL security stuff and is now integrated into IIS 6.0 See if these links help you: https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=SO3882 http://blogs.iis.net/chrisad/archive/2006/09/05/SSL_3A00_--Inside-_2600_amp_3B00_-Out-_2800_well_2C00_-as-much-as-I-know_21002900_.aspx so maybe you could try the SSL diag toolkit  http://www.microsoft.com/downloads/details.aspx?FamilyID=cabea1d0-5a10-41bc-83d4-06c814265282&DisplayLang=en Most overused word in IT is 'should' as in 'That should work!?!'

• 06-30-2008, 9:42 AM

  In reply to

  sweetleaf Joined on 06-30-2008, 7:52 AM Posts 3

  Re: ISAPI Filters Reply Contact Thanks for the suggestions.  I've been through the thawte stuff (they're the ones who issued the certificate) and the IIS diag tool is the thing that complained about sspifilt.dll.  I'll have a good look through the other link though. :) I've obviously got something wrong somewhere - I just can't seem to figure out where! I even get the 'cannot display page' when trying to access the page using https on the server itself.

• 06-30-2008, 9:53 AM

  In reply to

  Rovastar Joined on 03-13-2008, 10:00 AM London, UK Posts 594	Re: ISAPI Filters Reply Contact  There is a SSL diagnotic kit that I mentioned a different thing to the DebugDiag Most overused word in IT is 'should' as in 'That should work!?!'

• 06-30-2008, 10:31 AM

  In reply to

  sweetleaf Joined on 06-30-2008, 7:52 AM Posts 3

  Re: ISAPI Filters Reply Contact Hi Yes, it was the diagnostic kit that I downloaded, not the debug - although might try that if it's likely to help. The full log is : System time: Mon, 30 Jun 2008 14:13:48 GMT ModuleFileName: C:\Program Files (x86)\IIS Resources\SSLDiag\SSLDiag.exe version: 1.1:34.0 CommandLine: "C:\Program Files (x86)\IIS Resources\SSLDiag\SSLDiag.exe" ProcessorArchitecture: AMD64 #WARNING:The executable for SSL Diagnostics is not matching your platform hence some features are disabled. Please install the AMD64 version of SSL Diagnostics. OS: Windows 2003 Service Pack 2 IIS6 - World Wide Web Publishing (W3SVC) service is installed [ HKLM\System\CurrentControlSet\Services\HTTPFilter ] ImagePath = C:\WINDOWS\system32\lsass.exe Parameters\CertChainCacheOnlyUrlRetrieval = True(default) EnableKernelSsl = False(default) strmfilt.dll loaded into process 1896 (w3wp.exe) #WARNING:strmfilt.dll is not loaded into lsass.exe [ SChannel Info ] ServerCacheEntries = 0 ServerActiveEntries = 0 ServerHandshakes = 0 ServerReconnects = 0 CacheSize = 10000 [ W3SVC/1 ] ServerComment = [removed] ServerAutoStart = True ServerState = Server started #Could not impersonate server account SSLCertHash = 77 9a 3d 32 24 e5 8d 04 8e b2 30 1a a7 25 22 4c aa 06 7a d8 SSLStoreName = MY #CertName = [removed] #You have a private key that corresponds to this certificate #ContainerName='{A4A76EEB-4FDB-447F-B88E-EC310D9A42BC}' #ProvName='Microsoft RSA SChannel Cryptographic Provider' ProvType=PROV_RSA_SCHANNEL KeySpec=AT_KEYEXCHANGE #Subject: C=GB, S=London, L=London, O="[removed]", OU=[removed]l, CN=[removed] #Issuer: C=ZA, S=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, E=premium-server@thawte.com #Validity: From 23/05/2008 01:00:00 To 24/05/2009 00:59:59 CertVerifyCertificateChainPolicy succeeded SecureBindings = 89.0.0.1:443: Diagnostics complete, system time: Mon, 30 Jun 2008 14:13:49 GMT