Pfx import for SSL problem - Inetserver


  1. Pfx import for SSL problem

    We have 2 NLB 2003 SP1 webservers, and we have a site that SSL works fine on
    one of the NLB servers (the one the CSR originated from), but does not work
    on the other.

    In order to get a certificate for a site, we make the CSR on one of the
    servers. When we get back the cert it is installed to the same server as the
    CSR (because it has the private key due to CSR creation). We then export the
    certificate and private key as a .pfx file, and import it into the other NLB
    host. This has worked flawlessly for the sites that we have with SSL already,
    except for one.

    IIS reports via site properties -> directory security tab -> view
    certificate that "You have a private key that corresponds to this certificate"

    I have verified that the .pfx is not corrupt, as I was able to load the .pfx
    on another Windows 2003 box and get it to work there.

    Wfetch run locally reports the following:

    WWWConnect::Connect("<FQDN_sitename>","443")\n
    [slib]: 0 bytes received from socket
    Failed to negotiate secure connection with <FQDN_sitename> - port 443
    WWWConnect::Close("","80")\n
    closed source port: 3519\r\n

    SSLDiag reports:

    #You have a private key that corresponds to this certificate
    The correct certificate information, read off of the cert, etc.

    When SSLDiag simulates an SSL handshake the following is shown:

    System time: Fri, 21 Oct 2005 16:33:21 GMT
    Connecting to <site_IP_address>:443
    Connected
    Handshake: 78 bytes sent
    #WARNING:Handshake: unspecified error receiving data
    #WARNING:Handshake: 0x80090304 (-2146893052) error

    The last two warnings above give the additional, non-helpful text of:
    This error is related to other errors shown in this tool. Look at the
    server-side errors shown in the main SSL Diagnostics tool before you try
    simulating an SSL Handshake. (except of course, there are no errors shown in
    the main SSL Diag tool relating to this website)

    Any thoughts, comments, solutions, etc?

    Thanks in advance,

    pj_servadmin


  2. RE: Pfx import for SSL problem

    Answering own post:

    We created a new CSR with a new private key, and had the issuer issue a new
    certificate.


    "pj_servadmin" wrote:

    > We have 2 NLB 2003 SP1 webservers, and we have a site that SSL works fine on
    > one of the NLB servers (the one the CSR originated from), but does not work
    > on the other.
    >
    > In order to get a certificate for a site, we make the CSR on one of the
    > servers. When we get back the cert it is installed to the same server as the
    > CSR (because it has the private key due to CSR creation). We then export the
    > certificate and private key as a .pfx file, and import it into the other NLB
    > host. This has worked flawlessly for the sites that we have with SSL already,
    > except for one.
    >
    > IIS reports via site properties -> directory security tab -> view
    > certificate that "You have a private key that corresponds to this certificate"
    >
    > I have verified that the .pfx is not corrupt, as I was able to load the .pfx
    > on another Windows 2003 box and get it to work there.
    >
    > Wfetch run locally reports the following:
    >
    > WWWConnect::Connect("<FQDN_sitename>","443")\n
    > [slib]: 0 bytes received from socket
    > Failed to negotiate secure connection with <FQDN_sitename> - port 443
    > WWWConnect::Close("","80")\n
    > closed source port: 3519\r\n
    >
    > SSLDiag reports:
    >
    > #You have a private key that corresponds to this certificate
    > The correct certificate information, read off of the cert, etc.
    >
    > When SSLDiag simulates an SSL handshake the following is shown:
    >
    > System time: Fri, 21 Oct 2005 16:33:21 GMT
    > Connecting to <site_IP_address>:443
    > Connected
    > Handshake: 78 bytes sent
    > #WARNING:Handshake: unspecified error receiving data
    > #WARNING:Handshake: 0x80090304 (-2146893052) error
    >
    > The last two warnings above give the additional, non-helpful text of:
    > This error is related to other errors shown in this tool. Look at the
    > server-side errors shown in the main SSL Diagnostics tool before you try
    > simulating an SSL Handshake. (except of course, there are no errors shown in
    > the main SSL Diag tool relating to this website)
    >
    > Any thoughts, comments, solutions, etc?
    >
    > Thanks in advance,
    >
    > pj_servadmin
    >
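
A check that goes one step further than the "You have a private key that corresponds to this certificate" status quoted in the thread: it opens the key container behind the imported certificate and signs with it. This is an added example, not part of the original posts; it assumes Windows PowerShell 2.0 or later on .NET Framework, an RSA key held in a CryptoAPI container, and a placeholder thumbprint.

```powershell
# Added example. Run from an elevated prompt on the node where the handshake fails.
param([string]$Thumbprint = '<THUMBPRINT_PLACEHOLDER>')   # placeholder, not from the thread

# Thumbprints copied from the certificate dialog often carry spaces or hidden characters.
$clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()

$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
try {
    $cert = $store.Certificates | Where-Object { $_.Thumbprint -eq $clean } | Select-Object -First 1
    if (-not $cert) { throw "No certificate with thumbprint '$clean' in LocalMachine\My" }

    "Subject       : $($cert.Subject)"
    "Valid         : $($cert.NotBefore) to $($cert.NotAfter)"
    "HasPrivateKey : $($cert.HasPrivateKey)"
    if (-not $cert.HasPrivateKey) { throw 'No private key is associated with this store entry.' }

    # HasPrivateKey only says the store entry references a key container.
    # Reading PrivateKey actually opens the container and fails if it is missing or unreadable.
    try {
        $priv = $cert.PrivateKey
    } catch {
        throw "Key container could not be opened: $($_.Exception.Message)"
    }

    $info = $priv.CspKeyContainerInfo
    "Container     : $($info.KeyContainerName)"
    "Provider      : $($info.ProviderName)"
    "Machine store : $($info.MachineKeyStore)"
    "Key type      : $($info.KeyNumber)"   # IIS/Schannel expects an Exchange key for RSA server certificates

    # Round trip: sign constructed test data with the stored key, verify with the
    # public key embedded in the certificate. SHA-1 is used only because every
    # legacy CryptoAPI provider supports it; this is a local self-test, not a trust decision.
    $data = [System.Text.Encoding]::ASCII.GetBytes('pfx-import-self-test')
    $sig  = $priv.SignData($data, 'SHA1')
    if ($cert.PublicKey.Key.VerifyData($data, 'SHA1', $sig)) {
        'Key test      : OK (stored key matches the certificate and is usable)'
    } else {
        'Key test      : FAILED (stored key does not match the certificate)'
    }
}
finally {
    $store.Close()
}
```

A passing result here shows the key is usable by the account running the script; the handshake itself runs under the system's security subsystem, so compare the output against the working node rather than treating it as conclusive on its own.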

