Notification

Icon
Error

SSL with IIS Express Not working

Posted: Monday, January 17, 2022 3:24:37 PM(UTC)
Jackrock

Jackrock

Member Original PosterPosts: 8
0
Like
This issue has been solved! Click here to view the solution
I'm familiar with how to set up SSL in IIS Express. However, every time we do, it breaks the system.

The moment I input the cert's thumbprint and restart the service, the whole site now becomes unreachable. As soon as I put the old thumbprint back in and restart the service, it all works again.

Any ideas? We've had three of us try this each dozens of times, so it's HIGHLY unlikely we're all making the same mistake. But for some reason it worked once (and only once) with a now-expired certificate.

The browser says that there is no certificate when we change to the new thumbprint.

I'm attaching a sanitized copy of our IISExpressSvc.exe.config file, and screenshots of the messages in the browser when we have the new thumbprint in place.
Handles attachments
IISExpressSvc.exe.config.txt (1kb) downloaded 12 time(s).
Jackrock attached the following image(s):
2022-01-17 07_20_51-lansweeper.tallgrassenergylp.com and 49 more pages - Work - Microsoft​ Edge.png
2022-01-17 07_20_58-.png
Jackrock
#1Jackrock Member Original PosterPosts: 8  
posted: 1/19/2022 2:56:27 PM(UTC)
Any ideas?
fjca
#2fjca Member Posts: 110  
posted: 1/26/2022 8:16:46 PM(UTC)
Be sure that the certificate is a Machine certficate, aka it's in the Local Computer Store, on the Personal Folder. I've had a problem like that in the past when I imported it on my user store, and them IIS could not see it...

edsn
#3edsn Member Posts: 2  
posted: 1/28/2022 11:29:18 AM(UTC)
Make sure you import a pfx that contains the private key to the certificate you are using.

I had the same issue when I tried to use a certificate that was imported from .crt.

If you only have .crt and .key files you can use the following command (and openssl) to create a pfx:
openssl pkcs12 -export -out bundle.pfx -inkey privkey.key -in cert.crt -certfile cert.ca.crt
Jackrock
#4Jackrock Member Original PosterPosts: 8  
posted: 1/31/2022 4:20:11 PM(UTC)
Originally Posted by: fjca Go to Quoted Post
Be sure that the certificate is a Machine certficate, aka it's in the Local Computer Store, on the Personal Folder. I've had a problem like that in the past when I imported it on my user store, and them IIS could not see it...



Thank you. I will check that out. I think it's there, but I cannot be positive from memory alone.
Jackrock
#5Jackrock Member Original PosterPosts: 8  
posted: 1/31/2022 4:23:42 PM(UTC)
Originally Posted by: edsn Go to Quoted Post
Make sure you import a pfx that contains the private key to the certificate you are using.

I had the same issue when I tried to use a certificate that was imported from .crt.

If you only have .crt and .key files you can use the following command (and openssl) to create a pfx:
openssl pkcs12 -export -out bundle.pfx -inkey privkey.key -in cert.crt -certfile cert.ca.crt


I'm pretty sure the PFX has the key, but I did not generate it myself (another team handles that). I'll verify.
Jackrock
#6Jackrock Member Original PosterPosts: 8  
posted: 2/1/2022 8:19:10 PM(UTC)
Originally Posted by: fjca Go to Quoted Post
Be sure that the certificate is a Machine certficate, aka it's in the Local Computer Store, on the Personal Folder. I've had a problem like that in the past when I imported it on my user store, and them IIS could not see it...



Thanks, fjca. It seems this was the primary issue. We had it in the incorrect store.

Active Discussions

Lansweeper mail reports
by  Andy.S   Go to last post Go to first unread
Last post: 7/1/2022 2:38:18 PM(UTC)
Lansweeper Adding an "Employee ID" column to an asset report
by  ABaker  
Go to last post Go to first unread
Last post: 6/30/2022 3:06:54 PM(UTC)
Lansweeper Firefox 102 & ESR 91.11
by  Esben.D   Go to last post Go to first unread
Last post: 6/30/2022 8:12:07 AM(UTC)
Lansweeper Performance report not shows result
by  NoraD  
Go to last post Go to first unread
Last post: 6/28/2022 7:52:27 AM(UTC)
Lansweeper Duplicate AD Users
by  Randy Costa   Go to last post Go to first unread
Last post: 6/27/2022 5:25:04 PM(UTC)
Lansweeper Multiple Devices Owned by Users (asset relations)
by  Adrian Scott  
Go to last post Go to first unread
Last post: 6/22/2022 5:34:51 PM(UTC)