Search results matching tag 'SSL Issues'

Installing Multiple SSL in single IIS 6.0

swamik — Wed, 28 Jan 2009 09:40:43 GMT

Hi All:

We have a requirement of installing Multiple SSL certicates of 20 different websites which are all hosted in single IIS 6.0(Windows Server 2003 is the OS)

Using host header, we were able to host these 20 sites in an single IIS. But like to know how to install and configure 20 SSL certificates for these 20 domains which are in single IIS 6.0.

Please help

Failed to install Verisign SSL digital certificate on IIS 5.0. Please help!!

stamtarm — Mon, 05 Jan 2009 04:15:03 GMT

I have tried several times, revoke and replace certificate, and asked Verisign for help too. But at the end it still failed.

Error message are shown as below:

- When installing the certificate:

"Failed to install certificate, keyset does not exists"

- When trying to export the private key using MMC function, the option for "Export private key" is disabled and it says "Notes: The associated private key cannot be found. Only the certificate can be exported."

I have changed the permission of the administrator and system account to Full Control for the following folders and files already:

Folders

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys

C:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA

All files inside the following folder

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys

Please kindly assist!! Thank you very much!!

sta

403.7 64 on IIS 6 on both XP 64 and server 2003 R2 64

Carrots — Mon, 03 Nov 2008 15:01:01 GMT

In the IIS logs, our client has found a bunch of 403.7 64 's being logged. Most of them are to /VirtualDirectoryName, for example:

2008-10-30 06:41:00 W3SVC3 xxx.xxx.xxx.xxx GET /VirtualDirectoryName - 443 - xxx.xxx.xxx.xxx Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+2.0.50727;+.NET+CLR+1.1.4322;+.NET+CLR+3.0.04506
.30;+.NET+CLR+3.0.04506.648;+.NET+CLR+3.5.21022) 403 7 64

These happen quite often, sometimes 4 or so requests in a row.
Directory browsing is disabled on the sites, and the default page is set to default.htm which exists, so theoretically, there should be no requests for the path.
I have enabled schannel logging, but couldnt find one matching the timestamp in IIS. For example, in IIS we have one for 2008-10-30 11:49:50, and in event viewer we have one for 11:49:52 and one for 11:49:45. I also couldnt find a patter that makes it look like the one is trailing the other by a couple of seconds.

All the IIS requests are on port 443, none are on 80.

Schannel logs information events, but no warnings.
The client confirmed that the system logs and IIS logs were from the same server.

They run Windows 2003 x64 R2 on a NLB cluster. The machines in the testing environment is a single machine only.
I am able to intermittently reproduce it on my own environment (XP 64). One out of 20 times doing the exact same actions will give me the error in the logs. The error does not affect the user at all.

Testers currently test on Windows XP 32, with IE6, IE7 and Firefox, using software certs, or in some cases USB tokens. I replicated using a software cert.

Now this does not sound like something I should be spending my time on, but the client is being audited, and this has been raised as a concern by the auditing company.

Redirecting HTTPS from https://domain.com to https://www.domain.com

bostonnole — Thu, 14 Aug 2008 17:03:43 GMT

Is there some way in IIS 6 (running on Windows 2003) to redirect all pages, including parameters, from https://domain.com to https://www.domain.com?

None SSL redirects are working fine.

When a user attemps https://domain.com they get a warning about the certificate not matching the name of the site.

"The name on the security certificate is invalid or does not match the name of the site"

I have created a seperate web site for "domain.com" and I have an SSL certificate for "domain.com". This site is setup to do a permanent redirect to the www.domain.com site. As I indicated above, non-ssl redirects work fine. Just the SSL redirects do not.

ISAPI Filters

sweetleaf — Mon, 30 Jun 2008 12:05:03 GMT

I've recently installed a certificate on my Windows 2003 webserver and I don't seem to be able to get it to work.

Http is fine, but if I try and access the site using https I just get 'page cannot be displayed'. I've looked through the usual MS documents to try and solve the issue and have downloaded the IIS Diag tool. This reckoned strmfilt.dll was not loaded into lsass.exe and to check and install sspifilt.dll in ISAPI filters.

Sspifilt.dll isn't installed in ISAPI filters and I can't find it on the server or on the W2003 CD. I can't see any reference to it in relation to IIS6 (have found docs re sspifilt and IIS4/5).

Does IIS 6 really need sspifilt? And if so, does anyone know where I can get it from? I did download one, but IIS didn't like it at all!

Thanks

Client Certificates + SSL

herr_raus — Wed, 11 Jun 2008 09:02:08 GMT

Hi all,

I have a question regarding client certificates that hasn't been quite answered yet.
I'd like to set up an IIS6 server with SSL and a client certificate. But I would like to create the certificate with custom information, and for use on the internet (!). Ofcourse I preffer not to pay for each client certificate.

The certificate server is installed on the webserver so should both be accessible. When using certsvr application internally this work perfectly. Only when I need to create the certificate and mail it to a 3rd party over the internet this ceases to work. Is there any way to get this working?

Thank you.

Kind Regards,

renewing SSL certificate problems on IIS6

APLIT — Mon, 09 Jun 2008 08:57:30 GMT

Hi,

I'm trying to renew my SSL certificate but I'm getting a country code error from all of the SSL suppliers so far. I've been told to set up a new website then copy over the certificate when it expires!

I'm not wanting to implement a bodge, I'm wanting to renew the certificate with the CSR I'm getting from the server and then leave it be. It must be possible?