Search results matching tag 'SSL'

FTP 7.5 SSL disconnects after 15 minutes. Large Files

Comptekcs — Wed, 02 Dec 2009 04:52:58 GMT

I am having the oddest issue so I hope somone has an idea.

Backstory: 3 different ISP's, 2 different physical servers, 1 2008 server and now 2008R2. This is a dedicated FTP server. 2008R2, FTP Role, local firewall off, hardware firewall ports open, and trying to upload anything over about 65MB the connection will reset and start to upload again from 0. On the downloads, same thing but it resumes from where it left off. This issue has happened every time both on 7.0 and 7.5

I have an official SSL cert (not self-signed) using FTPES explicit. Connections/Authentications are good and smaller files upload just fine.

I have adjusted .config files for size limits as some of the forums have suggested but that didn't work.

FileZilla just blips and does the reconnect, no error message. I can't find anything in FTP logs either.

Does anyone have a clue or could point me in where I can get some better logging?

Certificate Issues

HasanSheriff — Fri, 27 Nov 2009 09:11:32 GMT

Hi All,
I've been trying to solve an IIS/Certificate problem for a few days.
I can create a self signed cert and install it on the default website sucessfully.
I have a trial cert from GeoTrust and have sucessfully installed it on another site, but cannot bring up the site in HTTPS.
I have disabled all other sites from using HTTPS/Port 443, but cannot even telnet to port 443.
Can someone guide me in the right direction?
Thanks.

SSL Certificate Renewal, Windows Mobile Acess and iPhone Access

edwardwagner — Wed, 18 Nov 2009 21:12:56 GMT

I recently renewed my Verisign SSL certificate and installed it successfully; however the two handheld devices - Samsung Windows Mobile device (with latest version of Windows Mobile) and iPhone (latest OS) - cannot communicate with the Exchange 2003 (Windows 2003 SP2) server once I check the "require SSL" box. The Samsung gives a "0x85010014" error code, and the iPhone just states that it cannot communicate with the server.

I can still use OWA fine. If I do not require SSL on the server end, while still requiring it on each handheld device, everything is happy (except, of course, you can login into the OWA with http:). I spent a long time with the Verisign tech support and did not find anything to solve the problem. We did solve a related issue, which was that the Samsung device could not communicate even without SSL - needed to download a new certifcate to that phone since some models did not have the latest security certificate version that Verisign started using (which has apparently been in use for several years and the iPhone had already).

I did not change any settings on either device (they have always required SSL), nor the server - other than installing the certificate - but now the handheld devices won't connect if SSL is selected on the server, so I have to have it turned off in the IIS for now. Also, SSL was on until I inserted the certificate, so I'm wondering if something else (besides the SSL was perhaps reset). I have read that ActiveSync does not really use SSL, but it had no problems with the server requiring SSL until I installed the new certificate.

Programmatically require SSL in IIS7

aclcarter — Wed, 18 Nov 2009 17:18:33 GMT

Does anyone know how to programmatically set the system.webServer/security/access sslFlags using the Microsoft.Web.Administration classes?

I'm trying to write some code to automatically install an SSL enabled web application and am having difficulty with this one step. I've found elsewhere on this site mvolo's instructions on binding an SSL certificate to a site using custom configuration methods, but can't find anywhere instructions on how to modify the sslFlags (short of forking a process to call appcmd, which feels like cheating!).

Many thanks,

Andy

Web Farm sync using MSDeploy - SSL / Ip address binding question

burtikus — Mon, 16 Nov 2009 21:53:04 GMT

Hi,

I am wondering if I can use MSDeploy in the following scenario. I am working on a web farm (IIS 6) that had their hardware SSL offload module go down. They had been using iiscnfg.vbs to merge the metabase settings from the management server to the production servers, but now with the need to put SSL certificates on the IIS servers locally, that will cause problems.

What I am wondering is can MSDeploy be used to sync ALL website configuration info (not content, that's taken care of already) with the exception of IP address bindings for the sites and SSL certificate information.

Any thoughts would be greatly appreciated, thanks!

IIS7 SSL Binding to All Addresses

Kortekk — Fri, 06 Nov 2009 19:22:55 GMT

My server has got IIS7 with two sites Site1 and Site2. I have them each on their own distinct Ipv4 address, each on their own separate certificate, and both are on port 443.

The issue I am experiencing is that if I take Site1 offline, the server is still responding to ssl on that site's address and port - even though I cannot browse to the site via a web broswer. If I take both Site1 and Site2 offline, then the server no longer responds to ssl requests. It looks to me like IIS7 is binding to all the addresses on the server. If I create a new arbirtrary binding on Site1 and run netstat, i see it being opened on the address bound to Site2.

I have tried editing the applicationhost.config file to supply host headers to the ssl bindings since you cannot through the GUI. I have also tried to create listener ip addresses using 'netsh http add iplisten'. Nothing has helped so far. Is there any way to close down the port when that particular site is brought down?

SSL Settings in IIS7 getting reset [Windows Server 2008] with [Exchange 2007] [RPC]

apmeyers1987 — Wed, 28 Oct 2009 19:18:48 GMT

I have a server that has Windows Server 2008 standard with Exchange 2007 installed. I installed the RPCProxy feature in order to use Outlook Anywhere. Looking at the RPC web's SSL settings they were set to Do not require SSL and Accept Client Certificates. I was having a problem with my outlook anywhere due to the Request Entity being too large so I changed the "Accept Client Certificate" to Ignore and everything was working fine (I also checked to require an SSL connection). It'll work for a bit, but then for whatever reason the SSL settings get set back to what they were. Is there a setting somewhere else that forces these results? Or something I can change?

Another thing that I would be okay with is how to avoid the Request Entity being too large error, and just accept the client certificates.

Any help is greatly appreciated!
Andy

Certificate issue after adding Multiple SSL identities

s_sudhirs22 — Fri, 23 Oct 2009 18:31:04 GMT

I have NLB configured, but i want to perform node level monitoring and in that process, i have added dedicated IP to SSL identities in website along with shared IP, i am able to browse website with dedicated IP on the box without any issues.

But when i try to open website using dedicated box from my local machine. It tells me, " continue to this website not recommended". i want to get rid of this. Please suggest

Strange SSL Certificate Behavior in IIS 6, Exchange Server 2003, Outlook Web Access

meals.software — Mon, 19 Oct 2009 18:43:42 GMT

One of the businesses for whom I consult called me up to have me change the settings on their IIS 6.0/Exchange 2003 server so their main accountant/IT support person could get Outlook Mobile Access on his new Palm Pre. Apparently, the Pre will choke when it encounters a SSL certificate that is not linked from a recognized Certificate Authority or preloaded into the Pre. Loading the SSL Cert manually brings up another error, that the cert's address does not match the server address provided. This is the same error that the business has been receiving for their Outlook Web Access setup since they can remember. However, in IE the business can choose to accept the cert, bringing them to a login screen.

They have a somewhat strange domain setup: two domains are part of their network (example.net and examplenet.com), but they only own one of them (examplenet.com), so the other (example.net) is not accessible from outside the office. The business uses mail.examplenet.com as both the office network and internet-accessible address, however the original FQDN of the server is server.example.net, which is not addressable from outside the office. DNS A or CNAME records point all connections from mail.examplenet.com, smtp.examplenet.com, and pop3.examplenet.com to server.example.net.

The original SSL cert's common name was "server", not a FQDN. I thought that creating a new cert with the FQDN the office used would allow the Pre and OWA to work without error, at least for a self-signed cert. However, in the IIS management console, once I removed the old cert, created a new one (for mail.examplenet.com), signed it with the CA existing on the server, and added it to the default web server, the server was no longer addressable. Opening an IE window to the server's IP address, mail.examplenet.com, or server.example.net all would not connect. Unfortunately IE does not provide usable error codes, but I suspect it is a DNS problem in addressing the web server, as the IE error page suggestions (check address for mistakes, server could be down) are consistent with DNS misconfigurations.

Replacing the original cert returned everything to the original invalid address error, but still allowed OWA (though not for the Pre). Creating and installing a cert only for "mail" provided the same error and function as the original cert. All of those certs used thus far were configured with the web server template.

There was a domain controller template cert already created for "server.example.net" which, when imported, allowed error-free access to OWA when using the server.example.net address, though obviously threw an invalid cert error for the address when connecting to mail.examplenet.com. Of course, the example.net addresses cannot be used outside the office as the office does not own that domain.

I would appreciate any suggestions and insight into allowing error-free (though still using SSL, and yes 128-bit encryption is enabled throughout the default web server) web access to exchange and to the Pre. Web searches for this topic merely tell me how to create a self-signed cert for the exchange/iis server, which does not appear to help by itself. The names of the domains have been changed to protect the innocent. My apologies for cross posting.

Effect of maxAllowedContentLength on SSL

Hynek — Sat, 17 Oct 2009 02:20:33 GMT

When POSTing content of bigger size (more than 500 KB let's say) "413 - Request Entity Too Large" is returned by IIS7.

Solving the error with increasing the value of maxAllowedContentLength works for http.

When issuing an SSL POST request on the same resource, modifying maxAllowedContentLength doesn't seem to have any effect - "413 Request Entity Too Large" occurs whatever value is used.

In other words POSTing to http://myserver/mypage with correct value of maxAllowedContentLength works ok. POSTing to https://myserver/mypage with the same content never works regardless of the maxAllowedContentLength value.

What else could influence the behavior of the maximum allowed POST content size for SSL?

How to get through SSL POST requests with content sizes exceeding default limits?