SSL and IIS 5.0

SSL and IIS 5.0

am 13.06.2006 19:27:32 von Ed Sitz

Interesting issue with a site that uses SSL and IIS 5.0. All of a sudden
today, we couldn't browse to the site using SSL. All attempts simply
timeout. Nothing in the logs. Take SSL off of the site and it works fine.
Certificate is good through September of 2006. I even removed the
certificate issued from an external CA, issued one from a test CA that we
have, and same results.

Aside from reinstalling IIS, does anyone have any suggestions? We've
rebooted, turned off virus protection, did packet sniffing, even sprinkled
holy beer on the damn thing.

Re: SSL and IIS 5.0

am 13.06.2006 22:00:22 von someone

Umm... I recommend against reinstallation. It is not clear what data you
gathered supports that drastic action. Since you probably made no system
modifications, why would system reinstallation fix any non-system
modification?

I would first run SSLDiag:
http://www.microsoft.com/windowsserver2003/iis/diagnostictoo ls/default.mspx

Then, I would check whether the CRL or any other related certificates of
your Server's certificate has expired. Browers and Servers validate those
details when negotiating SSL (contrary to popular belief, it's not just the
client and server certificates involved in SSL...), and problems there can
result in Timeout or other non-obvious effects.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//

"Ed Sitz" wrote in message
news:OpG2o6wjGHA.4284@TK2MSFTNGP05.phx.gbl...
> Interesting issue with a site that uses SSL and IIS 5.0. All of a sudden
> today, we couldn't browse to the site using SSL. All attempts simply
> timeout. Nothing in the logs. Take SSL off of the site and it works
> fine. Certificate is good through September of 2006. I even removed the
> certificate issued from an external CA, issued one from a test CA that we
> have, and same results.
>
> Aside from reinstalling IIS, does anyone have any suggestions? We've
> rebooted, turned off virus protection, did packet sniffing, even sprinkled
> holy beer on the damn thing.
>

Re: SSL and IIS 5.0

am 14.06.2006 16:37:26 von Funkadyleik Spynwhanker

Can you browse http://wwwSITENAME.com:443 ?

It sounds like the port for SSL (443) has been cut off or firewalled or
something.

(the above test will rule out SSL as the issue or rule in SSL as the issue)

"Ed Sitz" wrote in message
news:OpG2o6wjGHA.4284@TK2MSFTNGP05.phx.gbl...
> Interesting issue with a site that uses SSL and IIS 5.0. All of a sudden
> today, we couldn't browse to the site using SSL. All attempts simply
> timeout. Nothing in the logs. Take SSL off of the site and it works
> fine. Certificate is good through September of 2006. I even removed the
> certificate issued from an external CA, issued one from a test CA that we
> have, and same results.
>
> Aside from reinstalling IIS, does anyone have any suggestions? We've
> rebooted, turned off virus protection, did packet sniffing, even sprinkled
> holy beer on the damn thing.
>