Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

IIS / SSL / accessible by internal IP only

Status
Not open for further replies.
jgillin

jgillin

Programmer
Oct 22, 2003
82
US
Hi,
I'm trying to setup SSL on IIS. I created a CSR using IIS on the default site, and sent it to Thawte. After receiving the certificate, I finished the certificate process. I can access the https site by internal IP address (eg, and of course, the popup comes up since it's not being accessed by the domain name it was registered to. When I try to access it by the domain name, or by external IP address over https, I get "Cannot find server or DNS Error" in IE, and "connection was refused when attempting to contact in Netscape. Note that I can access the site fine by IP or domain externally when using a http: connection. There's only 1 firewall and port 443 is allowed for all IP addresses for TCP and UDP. The windows Internet Connection Firewall on the server is not enabled. If I didn't know better, I'd think it was a firewall issue, but I'm sure that port is open. So the problem is that SSL works when accessed by internal local network address (from any computer in the local network), but never allowed by external IP address or domain name.
Does anyone have any suggestions as to where I should go from here?
 
Sort by date Sort by votes
I would try to telnet into port 443 on your external IP from outside your network and ensure connectivity as a first step.
 
Upvote 0 Downvote
That's exactally what I was going to recommend trying.

Denny

--Anything is possible. All it takes is a little research. (Me)

[noevil]
(My very old site)
 
Upvote 0 Downvote
Hi,
Thanks for the replies.
I enabled telnet on the server, and tried to access it locally via "telnet localhost 443", and the terminal window essentially goes blank (nothing displayed except the cursor). If I type "telnet localhost" (default port), it gives me the standard warning message. Incidentally, if I type netstat -noa, port 443 does show up on the list of ports that are LISTENING. I've contacted our ISP to make sure they weren't blocking port 443, and they said they weren't (but they couldn't access it and said that our server probably wasn't listening on port 443).
Does anyone know if there are any free or trial based networking tools that might help detect where the problem is occurring?
In the meantime, I'm going to look into the firewall logs. BTW, nothing shows in the IIS access log (which makes sense since the connection is refused).
If anyone else has any other ideas, please share.
Thanks,
Jeff
 
Upvote 0 Downvote
This turned out to be a firewall issue after all. The firewall had an 2 entries related to this. One named SSL, but also another named https. I'm not sure why the 2 separate entries (the SSL was for TCP/UPD on 443, the https one was for TCP on 443). Although the SSL one was allowing access for all ips, the https entry was denying all.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

ravalos
  • Locked
  • Question
Problem with PDFs in IIS
Replies
1
Views
1K
gbaughma
gbaughma
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
825
DrB0b
DrB0b
dpellegrini
  • Locked
  • Question
Website will load using hostname but not IP address
Replies
3
Views
1K
mangentle
mangentle
andyferris
  • Locked
  • Question
DC Event logs auditing cannot be set by GPO
Replies
1
Views
343
RRankin355
RRankin355
GriffMG
  • Locked
  • Question
Server 2016 IIS - When opening default web page in Edge (chromium) it downloads rather than opening
Replies
1
Views
382
GriffMG
GriffMG

Part and Inventory Search

Sponsor

Back
Top