Announcement

Collapse
No announcement yet.

IIS / SSL problem (2K3 R2 Server)

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • IIS / SSL problem (2K3 R2 Server)

    This one is really getting me!

    new build 2K3 R2 server (SP2 plus all updates) running Exchange 2003 SP2
    GoDaddy Certificate imported into "personal certificate store" on Exchange server
    DNS domain for external certificate domain set up and A record configured

    When I attempt to enable SSL as per http://www.petri.com/configure_ssl_o...e_with_iis.htm I cannot access the OWA site -- I get "Internet Explorer Cannot Display This Webpage" from IE6 and IE7
    Once I disable SSL, no problems. Logs dont show anything obvious

    I've set up SSL for OWA before without any issues and the only differences I can see are:
    Server 2003 R2 not Server 2003
    Certificate was imported into cert store and then discovered by IIS, not created using the request/response wizard
    Require SSL is applied only to the Exchange virtual directory, not the whole of the default web site (tried for the whole site but same problem)

    Aargh!
    Any help greatly appreciated!
    Tom
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

  • #2
    Re: IIS / SSL problem (2K3 R2 Server)

    It definitely sounds like something is wrong with the cert.

    The cert I'm using is also a Go Daddy cert which I imported from a backed up PFX through IIS.

    I'm guessing you imported the cert into the certs MMC console and selected use existing cert from IIS? Can you try doing it a different way, maybe it doesn't like the way you did it.
    Andrew

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

    Comment


    • #3
      Re: IIS / SSL problem (2K3 R2 Server)

      Yes, it is a GoDaddy Cert

      Backstory -- my only DC died, so a quick rebuild of DC / Exchange (Regular Win2K3 SP1)
      Installed GoDaddy intermediate Cert and imported my cert (pfx?) file into IIS and everything went OK

      Built new DC and mail server with proper redundancy, installed 2K3R2 (SP2)
      Installed intermediate Cert
      Tried importing cert file in IIS and it demanded a password (no idea what, if any, that was), so I imported it using Certificates mmc snapin into the "personal" store on the Exchange box -- all seemed to go OK. In IIS that picked up the cert and I thought everything OK, but got the problems above.

      It seems to me the problem is related to R2?
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd
      Scotland

      ** Remember to give credit where credit is due and leave reputation points where appropriate **

      Comment


      • #4
        Re: IIS / SSL problem (2K3 R2 Server)

        The password can be assigned to a PFX file when using it for code signing. We do that here when we release applications, there is a PFX with the cert and password challenge to sign it. I've never seen that on a PFX for webserver auth.

        Go Daddy lets you rerequest your key. It sounds like yours is screwed. If I were you I'd rerequest it.

        I seriously doubt it's 2003R2, I use it and I've never seen what you're describing.
        Andrew

        ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

        Comment


        • #5
          Re: IIS / SSL problem (2K3 R2 Server)

          Cool -- will get the Daddy to re-supply!

          More later
          Tom Jones
          MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
          PhD, MSc, FIAP, MIITT
          IT Trainer / Consultant
          Ossian Ltd
          Scotland

          ** Remember to give credit where credit is due and leave reputation points where appropriate **

          Comment


          • #6
            Re: IIS / SSL problem (2K3 R2 Server)

            Sorted -- new certificate request then installed the resulting certificate.

            Many thanks to GoDaddy tech support for their part in it -- excellent customer service and re-inforces my high opinions of them!
            Tom Jones
            MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
            PhD, MSc, FIAP, MIITT
            IT Trainer / Consultant
            Ossian Ltd
            Scotland

            ** Remember to give credit where credit is due and leave reputation points where appropriate **

            Comment


            • #7
              Re: IIS / SSL problem (2K3 R2 Server)

              Originally posted by Ossian View Post
              Sorted -- new certificate request then installed the resulting certificate.

              Many thanks to GoDaddy tech support for their part in it -- excellent customer service and re-inforces my high opinions of them!
              Nice! So it was the cert.
              Andrew

              ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

              Comment


              • #8
                Re: IIS / SSL problem (2K3 R2 Server)

                Originally posted by ahinson View Post
                Nice! So it was the cert.

                Looks like it -- I think when the old network died, the Private Key got lost, so unsurprisingly SSL went pearshaped.
                The thing that threw me was I was able to install it on the temporary network and use HTTPS & RPCoverHTTP without problems

                Anyway, a big sigh of relief! Thanks for your help +ve rep given
                Tom Jones
                MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                PhD, MSc, FIAP, MIITT
                IT Trainer / Consultant
                Ossian Ltd
                Scotland

                ** Remember to give credit where credit is due and leave reputation points where appropriate **

                Comment

                Working...
                X