Notification

Icon
Error

SSL with IIS Express Not working

Posted: Monday, January 17, 2022 3:24:37 PM(UTC)
Jackrock

Jackrock

Member Original PosterPosts: 8
0
Like
This issue has been solved! Click here to view the solution
I'm familiar with how to set up SSL in IIS Express. However, every time we do, it breaks the system.

The moment I input the cert's thumbprint and restart the service, the whole site now becomes unreachable. As soon as I put the old thumbprint back in and restart the service, it all works again.

Any ideas? We've had three of us try this each dozens of times, so it's HIGHLY unlikely we're all making the same mistake. But for some reason it worked once (and only once) with a now-expired certificate.

The browser says that there is no certificate when we change to the new thumbprint.

I'm attaching a sanitized copy of our IISExpressSvc.exe.config file, and screenshots of the messages in the browser when we have the new thumbprint in place.
Handles attachments
IISExpressSvc.exe.config.txt (1kb) downloaded 8 time(s).
Jackrock attached the following image(s):
2022-01-17 07_20_51-lansweeper.tallgrassenergylp.com and 49 more pages - Work - Microsoft​ Edge.png
2022-01-17 07_20_58-.png
Jackrock
#1Jackrock Member Original PosterPosts: 8  
posted: 1/19/2022 2:56:27 PM(UTC)
Any ideas?
fjca
#2fjca Member Posts: 109  
posted: 1/26/2022 8:16:46 PM(UTC)
Be sure that the certificate is a Machine certficate, aka it's in the Local Computer Store, on the Personal Folder. I've had a problem like that in the past when I imported it on my user store, and them IIS could not see it...

edsn
#3edsn Member Posts: 2  
posted: 1/28/2022 11:29:18 AM(UTC)
Make sure you import a pfx that contains the private key to the certificate you are using.

I had the same issue when I tried to use a certificate that was imported from .crt.

If you only have .crt and .key files you can use the following command (and openssl) to create a pfx:
openssl pkcs12 -export -out bundle.pfx -inkey privkey.key -in cert.crt -certfile cert.ca.crt
Jackrock
#4Jackrock Member Original PosterPosts: 8  
posted: 1/31/2022 4:20:11 PM(UTC)
Originally Posted by: fjca Go to Quoted Post
Be sure that the certificate is a Machine certficate, aka it's in the Local Computer Store, on the Personal Folder. I've had a problem like that in the past when I imported it on my user store, and them IIS could not see it...



Thank you. I will check that out. I think it's there, but I cannot be positive from memory alone.
Jackrock
#5Jackrock Member Original PosterPosts: 8  
posted: 1/31/2022 4:23:42 PM(UTC)
Originally Posted by: edsn Go to Quoted Post
Make sure you import a pfx that contains the private key to the certificate you are using.

I had the same issue when I tried to use a certificate that was imported from .crt.

If you only have .crt and .key files you can use the following command (and openssl) to create a pfx:
openssl pkcs12 -export -out bundle.pfx -inkey privkey.key -in cert.crt -certfile cert.ca.crt


I'm pretty sure the PFX has the key, but I did not generate it myself (another team handles that). I'll verify.
Jackrock
#6Jackrock Member Original PosterPosts: 8  
posted: 2/1/2022 8:19:10 PM(UTC)
Originally Posted by: fjca Go to Quoted Post
Be sure that the certificate is a Machine certficate, aka it's in the Local Computer Store, on the Personal Folder. I've had a problem like that in the past when I imported it on my user store, and them IIS could not see it...



Thanks, fjca. It seems this was the primary issue. We had it in the incorrect store.

Active Discussions

Lansweeper Clearing Thermal State Warning
by  calmed-anodises   Go to last post Go to first unread
Last post: 5/20/2022 6:28:27 PM(UTC)
Lansweeper Quality problems with Lansweeper
by  Hendrik.VE  
Go to last post Go to first unread
Last post: 5/20/2022 3:43:44 PM(UTC)
Lansweeper Bitlocker keys
by  SWResearch   Go to last post Go to first unread
Last post: 5/20/2022 1:34:18 PM(UTC)
Lansweeper Lansweeper Helpdesk instructional webinar
by  Erik.T  
Go to last post Go to first unread
Last post: 5/20/2022 10:40:30 AM(UTC)
Lansweeper Outlook task and calendar
by  ITVTECH   Go to last post Go to first unread
Last post: 5/20/2022 8:26:51 AM(UTC)
Lansweeper SCCM scanning incorrectly reporting last seen results
by  SWResearch  
Go to last post Go to first unread
Last post: 5/20/2022 12:34:52 AM(UTC)
Lansweeper Scanning certificates
by  EagleEyeJoe   Go to last post Go to first unread
Last post: 5/19/2022 7:39:24 PM(UTC)
Lansweeper Lansweeper Cloud Location
by  FrankSc  
Go to last post Go to first unread
Last post: 5/19/2022 7:07:49 PM(UTC)