IE SSL and selfcert

on 13.09.2007 22:02:05 by Chuck P

I have an asp.net 2.0 website on a win03 server. The server has an SSL
certificate made with selfSSL. When I hit the site with IE7 I get the
message "this page contains both secure and nonsecure items. Do you want to
display the nonsecure items.". On FF2.0 no such message.

I answer yes and no, and in each case then save view source to a file. A
comparison of the files shows no differences. There are no embedded images.
The asp.net page does grab an embedded resource (css file) via a
WebResource.axd call.



<link href="/WebResource.axd?d=PB4iVDPmDT65fJ3AVz51fT81iqqFyyoAyW3P129ESU9bm4Gg_6Ua2Q2&t=633252048963735940" rel="stylesheet" type="text/css" />


What's up with the message?

RE: IE SSL and selfcert

on 14.09.2007 10:35:31 by wjzhang

Hi,

Basically I think this shouldn't be an IIS server side issue. To check if
the web page actually contains non-secure contents, I think the most
straightforward way is to run some network sniffer tools (e.g. Network
Monitor) on the client to trace if there is any HTTP traffic when the
warning appears.

The steps to use Netmon should be:

1. Download and install Network Monitor from the following place. The
password is "trace" (without the quotation marks):
ftp://ftp.microsoft.com/PSS/Tools/NetMon/NETMON2.ZIP

2. On the IE client machine, locate and start Network Monitor in
Administrative Tools.
3. Click Capture-> Networks-> Locate the Network Interface which is used to
send and receive related network traffic-> Click OK.
4. Press "F10" to start the capture on both sides-> reproduce the problem
with the SSL warning-> Press "Shift + F11" to stop the capture, and view
the packets.
5. Verify if there is HTTP based traffic in the captured packets. If there
is, check the content to see what it is.

For more information, please refer to the following article:

How to Capture Network Traffic with Network Monitor
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q148942

Please feel free to save as and attach the .cap file to me at:
wjzhang@online.microsoft.com (please remove online.). I will be glad to
help with reviewing the trace. Also please let me know the exact time of
the connection and the IP address of Server and Client.

Have a nice weekend.

Sincerely,

WenJun Zhang

Microsoft Online Community Support

==================================================

Get notification to my posts through email? Please refer to:
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notifications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at:

http://msdn.microsoft.com/subscriptions/support/default.aspx .

==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
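
A complementary check to the network capture described above, as an added example that is not part of the original thread: it lists every subresource in a saved view-source file that the browser would not fetch over HTTPS, including relative URLs redirected by a `<base>` tag. The page URL, host names and sample markup are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attribute that makes the browser fetch a subresource, per tag.
FETCH_ATTRS = {"link": "href", "script": "src", "img": "src", "iframe": "src",
               "frame": "src", "embed": "src", "object": "data", "input": "src"}

class SubresourceAudit(HTMLParser):
    """Resolve each subresource URL and record whether it uses https."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.base = page_url          # replaced if the page has <base href>
        self.findings = []            # (tag, absolute_url, is_https)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "base" and a.get("href"):
            self.base = urljoin(self.page_url, a["href"])
            return
        if tag == "link" and "stylesheet" not in (a.get("rel") or "").lower():
            return  # other <link> relations are not loaded as page content
        url = a.get(FETCH_ATTRS.get(tag, ""))
        if url:
            absolute = urljoin(self.base, url)
            self.findings.append(
                (tag, absolute, urlsplit(absolute).scheme == "https"))

def insecure(html, page_url):
    """Return (tag, url) for every subresource not loaded over https."""
    parser = SubresourceAudit(page_url)
    parser.feed(html)
    return [(tag, url) for tag, url, ok in parser.findings if not ok]

# Constructed sample: only the <img> uses an absolute http:// URL.
PAGE_URL = "https://intranet.example/app/default.aspx"
SAMPLE = """<html><head>
<link href="/WebResource.axd?d=CONSTRUCTED" rel="stylesheet" type="text/css" />
<script src="//static.example/site.js"></script>
</head><body>
<img src="http://static.example/logo.gif" />
<iframe src="help/index.htm"></iframe>
</body></html>"""

if __name__ == "__main__":
    for tag, url in insecure(SAMPLE, PAGE_URL):
        print(f"non-HTTPS <{tag}>: {url}")
```

An empty result here, together with a capture that shows no HTTP traffic, means the warning is not explained by references in the static markup.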

RE: IE SSL and selfcert

on 16.09.2007 21:28:01 by Chuck P

I don't think there is any protected content, because the ssl and non ssl
pages are equal.
I think there may be some kind of issue with IE not liking SSL certs that
are made with selfcert. I have noticed something similar with sending
401s (IE appears to ignore it) but haven't verified that yet. I will test
with Fiddler. www.fiddlertool.com/

RE: IE SSL and selfcert

on 26.09.2007 15:14:00 by Chuck P

WenJun,

I sent the netmon trace to your email on 9/21.
Did you notice anything?

RE: IE SSL and selfcert

on 27.09.2007 11:55:40 by wjzhang

Hi Chuck,

Sorry, I just noticed your email was mistakenly dropped into my junk-mail
folder by Outlook. I've reviewed the trace you sent and also didn't find
any clue of HTTP traffic in it. The TCP frames between the server and
client are also for SSL handshake. In this case, I'd like to suggest you
further test if the same problem can be reproduced on different IE7 or IE6
machines. If all of them hit the same issue, I'd like to suggest you use
one of your MSDN Technical Support Incidents to work with our IE support
group via telephone based support. Since there is no managed IE queue in
MSDN newsgroups, this will be the most effective way to assist you on this
issue. Also you won't even need to spend the incident account if the
problem is finally confirmed to be a product issue or can be simply fixed
by applying hotfix. Please refer to the support note below.

About the information of free incident support for MSDN subscribers, please
look at:
http://msdn.microsoft.com/subscriptions/support/default.aspx .

To obtain the phone numbers for Microsoft Customer Service and Support
services technology request, please take a look at the web site listed
below.
http://support.microsoft.com/default.aspx?scid=fh;EN-US;PHONENUMBERS

Thanks and have a nice day.

Sincerely,

WenJun Zhang

Microsoft Online Community Support
