"We tried the SSL Diagnositcs (sic)"
And the result was? when you use IIS to generate a CCR, if you cancel the request on the IIS server after the CCR has been sent to the registrar so you can install a certificate just to get the site back working, does that invalidate the CCR generated certs? If you do this, you lose the matching private key - your newly received certificate will not work FYI the internal CA ones cant validate the DNS domain that the site is accessed on. This doesn't even make sense. Can you think of a different way of explaining this? Or posting the actual configuration you are using and error(s) that you are seeing? As requested before, did you look in the Windows Event Logs and the httperr.log files? Cheers Ken From: Graeme Carstairs [mailto:[email protected]] Sent: Saturday, 30 June 2012 5:28 AM To: NT System Admin Issues Subject: Re: Weird SSL issues on existing IIS6 WSS 3 site Hi We tried the SSL Diagnositcs. The Verisign ones have no private key, so I have passed back to corporate to resolve this issue, along with a new CCR I ahve a question when you use IIS to generate a CCR, if you cancel the request on the IIS server after the CCR has been sent to the registrar so you can install a certificate just to get the site back working, does that invalidate the CCR generated certs? FYI the internal CA ones cant validate the DNS domain that the site is accessed on. Thanks guys hopefully the Cert guy at corporate can resolve this. graeme On 29 June 2012 15:07, Brian Hintz <[email protected]> wrote: Check out the SSL Diagnostics tools from MS: 32-bit <http://www.microsoft.com/download/en/details.aspx?id=674> - http://www.microsoft.com/download/en/details.aspx?id=674 64bit <http://www.microsoft.com/download/en/confirmation.aspx?id=5329> - http://www.microsoft.com/download/en/confirmation.aspx?id=5329 On Fri, Jun 29, 2012 at 5:44 AM, Graeme Carstairs <[email protected]> wrote: Hi There, One of our customers had a public facing WSS 3 site secured witha go daddy SSL. they were bought over by another company and since then the wSS has no longer been public facing but is still entirely SSL. The SSL has been expired for 2 months now as we are going through parent company process of getting a new SSL issued. They initially issued us with on of the Enterprise CA, then a $150 verisign one and we have noe been issues a $600 verisign one. The problem is Import the certificate VIA Cerificates MMC, it checks out and can be viewed as a valid cert. and assign to the website in ISS. Immediately the site stops working, IE shows a Could not display the page rror (no muber) Chrome gives a 107 SSL protocol Error. Using fiddler to monitor the traffic flow, and its a 107 error it shows as the only response. Replace the new cert with the old expired one and straight away the sites working (with cert expired error) but still working. Any one got any suggestions as to what may be casuing this. Thanks graeme -- Good news everyone, you have just received an e-mail from me! ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin -- Good news everyone, you have just received an e-mail from me! ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
