Switching from http to https

We just upgraded to Server 2003 and we run a program that now requires https.
The certificate was installed to change the site along with the certificate
to access the server. When trying to connect to the https site, I get a page
cannot be displayed, cannot connect to server or DNS error. If I try the old
way, I get the certificate does not match the web address. When the program
starts that runs the program, it shows it's listening on the secure port
(444) and when I run the netstat -an command I didn't see any problems. Port
443 is being used by IIS. I can also connect to other SSL sites from the
server. Any idea what could be causing this? I've checked some of the other
postings and noticed that it might be a certificate problem which we're in
the process of doing. Thanks

Re: Switching from http to https

Kansas wrote on Tue, 17 Oct 2006 12:20:02 -0700:

> We just upgraded to Server 2003 and we run a program that now requires
> https. The certificate was installed to change the site along with the
> certificate to access the server. When trying to connect to the https
> site, I get a page cannot be displayed, cannot connect to server or DNS
> error. If I try the old way, I get the certificate does not match the web
> address. When the program starts that runs the program, it shows it's
> listening on the secure port (444) and when I run the netstat -an command
> I didn't see any problems. Port 443 is being used by IIS. I can also
> connect to other SSL sites from the server. Any idea what could be causing
> this? I've checked some of the other postings and noticed that it might
> be a certificate problem which we're in the process of doing. Thanks


You're using https://host.domain:444 to connect, right? If not, then that's
your problem - if the port number is not specified then port 443 is used,
and if IIS HTTPS isn't listening on port 443 on the IP assigned to that
address then you'll get the error.

Did you check for any firewall on the server? Maybe port 444 is being
blocked.

Dan

RE: Switching from http to https

The default web site is set to 443 and is not greyed out. The web site that
we're trying to enable to https is set at 444. When the program starts, it
says it's listening on 444. The firewall on the server is disabled since
we're on a network controlled by a firewall and I was told that 443 and 444
are open.

"Kansas" wrote:

> We just upgraded to Server 2003 and we run a program that now requires https.
> The certificate was installed to change the site along with the certificate
> to access the server. When trying to connect to the https site, I get a page
> cannot be displayed, cannot connect to server or DNS error. If I try the old
> way, I get the certificate does not match the web address. When the program
> starts that runs the program, it shows it's listening on the secure port
> (444) and when I run the netstat -an command I didn't see any problems. Port
> 443 is being used by IIS. I can also connect to other SSL sites from the
> server. Any idea what could be causing this? I've checked some of the other
> postings and noticed that it might be a certificate problem which we're in
> the process of doing. Thanks

RE: Switching from http to https

Just an update. I'm new to this and the certicicates and IIS were set up
with version 5 instructions. It turns out port 444 was not open, so they
opened it up. I reinstalled the RSA certificate, restarted the server and
still was not able to connect. Same error message as before. We ended up
removing the certicates and went back to the original website. Is there much
of a difference installing certificates between IIS 5 and 6? Thanks

"Kansas" wrote:

> We just upgraded to Server 2003 and we run a program that now requires https.
> The certificate was installed to change the site along with the certificate
> to access the server. When trying to connect to the https site, I get a page
> cannot be displayed, cannot connect to server or DNS error. If I try the old
> way, I get the certificate does not match the web address. When the program
> starts that runs the program, it shows it's listening on the secure port
> (444) and when I run the netstat -an command I didn't see any problems. Port
> 443 is being used by IIS. I can also connect to other SSL sites from the
> server. Any idea what could be causing this? I've checked some of the other
> postings and noticed that it might be a certificate problem which we're in
> the process of doing. Thanks

Re: Switching from http to https

No. should be similiar for IIS 5 and 6.
I still don't get what's the error statement, you cert can't bind to port
444 ?
have you change the binding port ? restart https service?
do a netstat -an to check the status ? why not use 443 ? or ?

--
Regards,
Bernard Cheah
http://www.iis.net/
http://www.iis-resources.com/
http://msmvps.com/blogs/bernard/


"Kansas" wrote in message
news:EC984F85-4178-498D-85A6-980B2101D7CC@microsoft.com...
> Just an update. I'm new to this and the certicicates and IIS were set up
> with version 5 instructions. It turns out port 444 was not open, so they
> opened it up. I reinstalled the RSA certificate, restarted the server and
> still was not able to connect. Same error message as before. We ended up
> removing the certicates and went back to the original website. Is there
> much
> of a difference installing certificates between IIS 5 and 6? Thanks
>
> "Kansas" wrote:
>
>> We just upgraded to Server 2003 and we run a program that now requires
>> https.
>> The certificate was installed to change the site along with the
>> certificate
>> to access the server. When trying to connect to the https site, I get a
>> page
>> cannot be displayed, cannot connect to server or DNS error. If I try the
>> old
>> way, I get the certificate does not match the web address. When the
>> program
>> starts that runs the program, it shows it's listening on the secure port
>> (444) and when I run the netstat -an command I didn't see any problems.
>> Port
>> 443 is being used by IIS. I can also connect to other SSL sites from the
>> server. Any idea what could be causing this? I've checked some of the
>> other
>> postings and noticed that it might be a certificate problem which we're
>> in
>> the process of doing. Thanks

Re: Switching from http to https

Our original site linked to a program's html file. You would connect as
http:/program. The instructions had us install certificates on
the default website with SSL not enabled (using port 443) in the IIS. SSL
would be enabled in IIS on the program's web site changing the program's
address to https://program.smith.com/program. We were then instructed to add
a certificate to the program. These errors we received when trying to
troubleshoot:
connecting to http:///program resulted in having to add an 's'
after the http. When attempting to access the site with https:// address>/program we got a message that the address does not match the
certificate. When attempting to access the site by
https://program.smith.com/program we got the "cannot find server or DNS
error" It turns out port 444 was closed and subsequently opened but still no
success in getting to the site. The instructions had us obtain a certificate
for IIS using the new address (program.smith.com). The certificate for the
program was for the actual server domain name. Could it be that the
certificate names have to match? The instructions also had us check the
Require SSL and Ignore Client Certifictes under the program in IIS. When I
tried changing it in IIS to Ignore, I would get a message that this would
prevent everyone from accessing.

"Bernard Cheah [MVP]" wrote:

> No. should be similiar for IIS 5 and 6.
> I still don't get what's the error statement, you cert can't bind to port
> 444 ?
> have you change the binding port ? restart https service?
> do a netstat -an to check the status ? why not use 443 ? or ?
>
> --
> Regards,
> Bernard Cheah
> http://www.iis.net/
> http://www.iis-resources.com/
> http://msmvps.com/blogs/bernard/
>
>
> "Kansas" wrote in message
> news:EC984F85-4178-498D-85A6-980B2101D7CC@microsoft.com...
> > Just an update. I'm new to this and the certicicates and IIS were set up
> > with version 5 instructions. It turns out port 444 was not open, so they
> > opened it up. I reinstalled the RSA certificate, restarted the server and
> > still was not able to connect. Same error message as before. We ended up
> > removing the certicates and went back to the original website. Is there
> > much
> > of a difference installing certificates between IIS 5 and 6? Thanks
> >
> > "Kansas" wrote:
> >
> >> We just upgraded to Server 2003 and we run a program that now requires
> >> https.
> >> The certificate was installed to change the site along with the
> >> certificate
> >> to access the server. When trying to connect to the https site, I get a
> >> page
> >> cannot be displayed, cannot connect to server or DNS error. If I try the
> >> old
> >> way, I get the certificate does not match the web address. When the
> >> program
> >> starts that runs the program, it shows it's listening on the secure port
> >> (444) and when I run the netstat -an command I didn't see any problems.
> >> Port
> >> 443 is being used by IIS. I can also connect to other SSL sites from the
> >> server. Any idea what could be causing this? I've checked some of the
> >> other
> >> postings and noticed that it might be a certificate problem which we're
> >> in
> >> the process of doing. Thanks
>
>
>

Re: Switching from http to https

You are mixing some problems together. It would be a lot simpler if you
didn't do that.

You need to verify with absolute certainty that port 444 is open. From an
OUTSIDE computer, use telnet to see if the web server responds.

Open command line
type "telnet websitename 444"
press enter
wait.

IF, you get a cursor and nothing, press the enter key several times. Does
it spit out some stuff and quit? If yes, port 444 is open. If it quits
saying "time out" after several seconds, port 444 is closed. If it quits in
a fraction of a second with "connection refused" it might be open, but not
set up on the server correctly yet.

For practice, try the same thing with "telnet websitename 80" to see what it
is supposed to look like.

Work on this problem until you _know_ the port is open.

Also, from inside your network, make sure you can access the web site on
444, like this: http://websitename:444 If you can't you don't have that
set up correctly yet.

So... WHY are you doing 444? Because you have only one IP address?

A certificate won't work correctly with the IP address because the
hostname/IP/cert matchup is a unique one. So of course you get an error
when you do that.

Normally, a cert setup is ONE IP, ONE hostname and ONE web. If you try
anything else it gets complicated (as you have discovered).


"Kansas" wrote in message
news:547D6D8D-9331-4C56-9F85-A2BEC7B31A89@microsoft.com...
> Our original site linked to a program's html file. You would connect as
> http:/program. The instructions had us install certificates on
> the default website with SSL not enabled (using port 443) in the IIS. SSL
> would be enabled in IIS on the program's web site changing the program's
> address to https://program.smith.com/program. We were then instructed to
> add
> a certificate to the program. These errors we received when trying to
> troubleshoot:
> connecting to http:///program resulted in having to add an 's'
> after the http. When attempting to access the site with https:// > address>/program we got a message that the address does not match the
> certificate. When attempting to access the site by
> https://program.smith.com/program we got the "cannot find server or DNS
> error" It turns out port 444 was closed and subsequently opened but still
> no
> success in getting to the site. The instructions had us obtain a
> certificate
> for IIS using the new address (program.smith.com). The certificate for the
> program was for the actual server domain name. Could it be that the
> certificate names have to match? The instructions also had us check the
> Require SSL and Ignore Client Certifictes under the program in IIS. When
> I
> tried changing it in IIS to Ignore, I would get a message that this would
> prevent everyone from accessing.
>
> "Bernard Cheah [MVP]" wrote:
>
>> No. should be similiar for IIS 5 and 6.
>> I still don't get what's the error statement, you cert can't bind to port
>> 444 ?
>> have you change the binding port ? restart https service?
>> do a netstat -an to check the status ? why not use 443 ? or ?
>>
>> --
>> Regards,
>> Bernard Cheah
>> http://www.iis.net/
>> http://www.iis-resources.com/
>> http://msmvps.com/blogs/bernard/
>>
>>
>> "Kansas" wrote in message
>> news:EC984F85-4178-498D-85A6-980B2101D7CC@microsoft.com...
>> > Just an update. I'm new to this and the certicicates and IIS were set
>> > up
>> > with version 5 instructions. It turns out port 444 was not open, so
>> > they
>> > opened it up. I reinstalled the RSA certificate, restarted the server
>> > and
>> > still was not able to connect. Same error message as before. We ended
>> > up
>> > removing the certicates and went back to the original website. Is
>> > there
>> > much
>> > of a difference installing certificates between IIS 5 and 6? Thanks
>> >
>> > "Kansas" wrote:
>> >
>> >> We just upgraded to Server 2003 and we run a program that now requires
>> >> https.
>> >> The certificate was installed to change the site along with the
>> >> certificate
>> >> to access the server. When trying to connect to the https site, I get
>> >> a
>> >> page
>> >> cannot be displayed, cannot connect to server or DNS error. If I try
>> >> the
>> >> old
>> >> way, I get the certificate does not match the web address. When the
>> >> program
>> >> starts that runs the program, it shows it's listening on the secure
>> >> port
>> >> (444) and when I run the netstat -an command I didn't see any
>> >> problems.
>> >> Port
>> >> 443 is being used by IIS. I can also connect to other SSL sites from
>> >> the
>> >> server. Any idea what could be causing this? I've checked some of the
>> >> other
>> >> postings and noticed that it might be a certificate problem which
>> >> we're
>> >> in
>> >> the process of doing. Thanks
>>
>>
>>

Re: Switching from http to https

Port 444 is open. The problem is that no one has done this before and the
only instructions we had were for IIS 5. Under IIS 6, the default web site is
set to port 443. When we started our service, we got an error message that
port 443 couldn't be open since it was already being used. We then set our
web site to 444, resarted, and came back listening on 444 for https.
Certificates were required to be set up on the default web site and in the
application.

"Funkadyleik Spynwhanker" wrote:

> You are mixing some problems together. It would be a lot simpler if you
> didn't do that.
>
> You need to verify with absolute certainty that port 444 is open. From an
> OUTSIDE computer, use telnet to see if the web server responds.
>
> Open command line
> type "telnet websitename 444"
> press enter
> wait.
>
> IF, you get a cursor and nothing, press the enter key several times. Does
> it spit out some stuff and quit? If yes, port 444 is open. If it quits
> saying "time out" after several seconds, port 444 is closed. If it quits in
> a fraction of a second with "connection refused" it might be open, but not
> set up on the server correctly yet.
>
> For practice, try the same thing with "telnet websitename 80" to see what it
> is supposed to look like.
>
> Work on this problem until you _know_ the port is open.
>
> Also, from inside your network, make sure you can access the web site on
> 444, like this: http://websitename:444 If you can't you don't have that
> set up correctly yet.
>
> So... WHY are you doing 444? Because you have only one IP address?
>
> A certificate won't work correctly with the IP address because the
> hostname/IP/cert matchup is a unique one. So of course you get an error
> when you do that.
>
> Normally, a cert setup is ONE IP, ONE hostname and ONE web. If you try
> anything else it gets complicated (as you have discovered).
>
>
> "Kansas" wrote in message
> news:547D6D8D-9331-4C56-9F85-A2BEC7B31A89@microsoft.com...
> > Our original site linked to a program's html file. You would connect as
> > http:/program. The instructions had us install certificates on
> > the default website with SSL not enabled (using port 443) in the IIS. SSL
> > would be enabled in IIS on the program's web site changing the program's
> > address to https://program.smith.com/program. We were then instructed to
> > add
> > a certificate to the program. These errors we received when trying to
> > troubleshoot:
> > connecting to http:///program resulted in having to add an 's'
> > after the http. When attempting to access the site with https:// > > address>/program we got a message that the address does not match the
> > certificate. When attempting to access the site by
> > https://program.smith.com/program we got the "cannot find server or DNS
> > error" It turns out port 444 was closed and subsequently opened but still
> > no
> > success in getting to the site. The instructions had us obtain a
> > certificate
> > for IIS using the new address (program.smith.com). The certificate for the
> > program was for the actual server domain name. Could it be that the
> > certificate names have to match? The instructions also had us check the
> > Require SSL and Ignore Client Certifictes under the program in IIS. When
> > I
> > tried changing it in IIS to Ignore, I would get a message that this would
> > prevent everyone from accessing.
> >
> > "Bernard Cheah [MVP]" wrote:
> >
> >> No. should be similiar for IIS 5 and 6.
> >> I still don't get what's the error statement, you cert can't bind to port
> >> 444 ?
> >> have you change the binding port ? restart https service?
> >> do a netstat -an to check the status ? why not use 443 ? or ?
> >>
> >> --
> >> Regards,
> >> Bernard Cheah
> >> http://www.iis.net/
> >> http://www.iis-resources.com/
> >> http://msmvps.com/blogs/bernard/
> >>
> >>
> >> "Kansas" wrote in message
> >> news:EC984F85-4178-498D-85A6-980B2101D7CC@microsoft.com...
> >> > Just an update. I'm new to this and the certicicates and IIS were set
> >> > up
> >> > with version 5 instructions. It turns out port 444 was not open, so
> >> > they
> >> > opened it up. I reinstalled the RSA certificate, restarted the server
> >> > and
> >> > still was not able to connect. Same error message as before. We ended
> >> > up
> >> > removing the certicates and went back to the original website. Is
> >> > there
> >> > much
> >> > of a difference installing certificates between IIS 5 and 6? Thanks
> >> >
> >> > "Kansas" wrote:
> >> >
> >> >> We just upgraded to Server 2003 and we run a program that now requires
> >> >> https.
> >> >> The certificate was installed to change the site along with the
> >> >> certificate
> >> >> to access the server. When trying to connect to the https site, I get
> >> >> a
> >> >> page
> >> >> cannot be displayed, cannot connect to server or DNS error. If I try
> >> >> the
> >> >> old
> >> >> way, I get the certificate does not match the web address. When the
> >> >> program
> >> >> starts that runs the program, it shows it's listening on the secure
> >> >> port
> >> >> (444) and when I run the netstat -an command I didn't see any
> >> >> problems.
> >> >> Port
> >> >> 443 is being used by IIS. I can also connect to other SSL sites from
> >> >> the
> >> >> server. Any idea what could be causing this? I've checked some of the
> >> >> other
> >> >> postings and noticed that it might be a certificate problem which
> >> >> we're
> >> >> in
> >> >> the process of doing. Thanks
> >>
> >>
> >>
>
>
>

Re: Switching from http to https

Hi Kansas,

In an earlier post by Funkadyleik Spynwhanker, he mentions that SSL certs
require hostname/IP/cert to match up, this is correct and is essential for
https sites to work.

Is this webserver on your internal network?

If so, have an additional IP address added to the box, change the DNS record
the domain name to point at the new IP address, open IIS manager and go to
the properties of the site, click advanced button under web site
identification section, click on domain name and edit button, select IP
address from drop down menu and ok everything to apply changes.

If the webserver is hosted externally, then get your hosting company to add
an additional IP address to the box and follow the rest of the steps above.

Hope this helps some.

Re: Switching from http to https

LoL... I'm completely lost......

--
Regards,
Bernard Cheah
http://www.iis.net/
http://www.iis-resources.com/
http://msmvps.com/blogs/bernard/


"Funkadyleik Spynwhanker" wrote in
message news:YWLZg.7441$5i7.3694@newsreading01.news.tds.net...
> You are mixing some problems together. It would be a lot simpler if you
> didn't do that.
>
> You need to verify with absolute certainty that port 444 is open. From an
> OUTSIDE computer, use telnet to see if the web server responds.
>
> Open command line
> type "telnet websitename 444"
> press enter
> wait.
>
> IF, you get a cursor and nothing, press the enter key several times. Does
> it spit out some stuff and quit? If yes, port 444 is open. If it quits
> saying "time out" after several seconds, port 444 is closed. If it quits
> in a fraction of a second with "connection refused" it might be open, but
> not set up on the server correctly yet.
>
> For practice, try the same thing with "telnet websitename 80" to see what
> it is supposed to look like.
>
> Work on this problem until you _know_ the port is open.
>
> Also, from inside your network, make sure you can access the web site on
> 444, like this: http://websitename:444 If you can't you don't have that
> set up correctly yet.
>
> So... WHY are you doing 444? Because you have only one IP address?
>
> A certificate won't work correctly with the IP address because the
> hostname/IP/cert matchup is a unique one. So of course you get an error
> when you do that.
>
> Normally, a cert setup is ONE IP, ONE hostname and ONE web. If you try
> anything else it gets complicated (as you have discovered).
>
>
> "Kansas" wrote in message
> news:547D6D8D-9331-4C56-9F85-A2BEC7B31A89@microsoft.com...
>> Our original site linked to a program's html file. You would connect as
>> http:/program. The instructions had us install certificates
>> on
>> the default website with SSL not enabled (using port 443) in the IIS.
>> SSL
>> would be enabled in IIS on the program's web site changing the program's
>> address to https://program.smith.com/program. We were then instructed to
>> add
>> a certificate to the program. These errors we received when trying to
>> troubleshoot:
>> connecting to http:///program resulted in having to add an
>> 's'
>> after the http. When attempting to access the site with https:// >> address>/program we got a message that the address does not match the
>> certificate. When attempting to access the site by
>> https://program.smith.com/program we got the "cannot find server or DNS
>> error" It turns out port 444 was closed and subsequently opened but
>> still no
>> success in getting to the site. The instructions had us obtain a
>> certificate
>> for IIS using the new address (program.smith.com). The certificate for
>> the
>> program was for the actual server domain name. Could it be that the
>> certificate names have to match? The instructions also had us check the
>> Require SSL and Ignore Client Certifictes under the program in IIS. When
>> I
>> tried changing it in IIS to Ignore, I would get a message that this would
>> prevent everyone from accessing.
>>
>> "Bernard Cheah [MVP]" wrote:
>>
>>> No. should be similiar for IIS 5 and 6.
>>> I still don't get what's the error statement, you cert can't bind to
>>> port
>>> 444 ?
>>> have you change the binding port ? restart https service?
>>> do a netstat -an to check the status ? why not use 443 ? or ?
>>>
>>> --
>>> Regards,
>>> Bernard Cheah
>>> http://www.iis.net/
>>> http://www.iis-resources.com/
>>> http://msmvps.com/blogs/bernard/
>>>
>>>
>>> "Kansas" wrote in message
>>> news:EC984F85-4178-498D-85A6-980B2101D7CC@microsoft.com...
>>> > Just an update. I'm new to this and the certicicates and IIS were set
>>> > up
>>> > with version 5 instructions. It turns out port 444 was not open, so
>>> > they
>>> > opened it up. I reinstalled the RSA certificate, restarted the server
>>> > and
>>> > still was not able to connect. Same error message as before. We
>>> > ended up
>>> > removing the certicates and went back to the original website. Is
>>> > there
>>> > much
>>> > of a difference installing certificates between IIS 5 and 6? Thanks
>>> >
>>> > "Kansas" wrote:
>>> >
>>> >> We just upgraded to Server 2003 and we run a program that now
>>> >> requires
>>> >> https.
>>> >> The certificate was installed to change the site along with the
>>> >> certificate
>>> >> to access the server. When trying to connect to the https site, I
>>> >> get a
>>> >> page
>>> >> cannot be displayed, cannot connect to server or DNS error. If I try
>>> >> the
>>> >> old
>>> >> way, I get the certificate does not match the web address. When the
>>> >> program
>>> >> starts that runs the program, it shows it's listening on the secure
>>> >> port
>>> >> (444) and when I run the netstat -an command I didn't see any
>>> >> problems.
>>> >> Port
>>> >> 443 is being used by IIS. I can also connect to other SSL sites from
>>> >> the
>>> >> server. Any idea what could be causing this? I've checked some of
>>> >> the
>>> >> other
>>> >> postings and noticed that it might be a certificate problem which
>>> >> we're
>>> >> in
>>> >> the process of doing. Thanks
>>>
>>>
>>>
>
>