IIS not using SSL certificates - asp.net

My setup:
Azure Vm : Windows server 2008
IIS 7.5
I have purchased a domain from godaddy and pointed it to the Azure VPS. Initially the website was running on IIS using http on port 80. I have purchased SSL from godaddy using CSR and installed them as following
Intermediate certificate using MMC
Server certificate using IIS
Then I bind the certificate with my website using https on port 443, but when I visited my website it's not loading up it on https and gives an error "This site can't be reached. I have also checked secure world wide web and https is checked in my firewall settings.

I solved it by
Goto your Azure VM
In Azure VM -> Find Endpoints
Click on Add endpoint
Add endpoint for you port (in my case 443) and give it a name ( e.g https)
Save
Done

Related

The connection was reset in IIS 7 for HTTP and HTTPS website after each server restart

I am currently hosting a website (running with MVC4 website) with HTTP and HTTPS in Windows Server 2008 R2 (IIS 7)
However, after each server restart, the site will always show "The connection was reset". I have to manually reconfigure the "IP Address" at "Binding" in IIS7.
Any possible way to trace how the issue could happened and anyway to fix it?
(Sidenote: I have similar website that hosted in IIS 8, Windows Server 2012 with same configuration, and the issue does not happened to the machine)
Update:
There is no trace in Event Viewer, so I have no idea what are the possible issues that happened.
Update:
The websites are virtual hosted on the same port in same server with binded DNS, where all of them using wildcard certificate based on domain for all HTTPS site. When I edit binding on one of the website with the HTTPS port, the rest of websites will work just fine without touching any binding.

IIS 8.5 reverse proxy redirect

I hava a meteor application running on windows server 2012 r2.
I need my app to run over ssl so i set the meteor to port 80 and created a reverse proxy in the iis from 443 to 80 (i deactivated port 80 on the iis).
All works fine until i want to redirect the user to the ADFS server for authentication. the url that the client get is with the app name (the server) and not the ADFS url. -> what happen is that the iis change the url from the adfs server to the app server.
In order to configure the iis reverse proxy i use this guide: http://www.myconnectionserver.com/support/tutorials/v90/iisProxy/index.html
Does someone has any idea how to configure iis properly?

IIS/Azure multi domains all retun the same certificate

We have a Web Role running on Azure, the Service is running multi Domains on the service. Each Domain has its own certificate defined in the IIS supporting HTTPS connections.
It all worked correctly for months but yesterday it all broke, the IIS started serving the same certificate for all our domains. Is there a way to fix it?
Check out if you bind by mistake a certificate to the machine ip and not to a host.

Multiple domains in 443 port in same IP

i have hosted the one website "www.example1.com" in port 443(https) in IIS 7. now i bought a new domain for "www.example2.com" for same IP. i would like to host the another website in this domain(www.example2.com) in port 443(i already used port 443 for "www.example1.com").
How can i do this? Is this possible to host two domains in port 443 in same IP? If yes could anyone please let me know the right way to do this? I am using IIS 7.
It CAN be done.
SSL Host Headers in IIS 7 allow you to use one SSL certificate for multiple IIS websites on the same IP address. Through the IIS Manager interface, IIS only allows you to bind one site on each IP address to port 443 using an SSL certificate. If you try to bind a second site on the IP address to the same certificate, IIS 7 will give you an error when starting the site up stating that there is a port conflict. In order to assign a certificate to be used by multiple IIS sites on the same IP address, you will need to set up SSL Host Headers by following the instructions below.
What Type of SSL Certificate Do You Need?
Because you can only use one certificate, that certificate needs to work with all the hostnames of the websites that you use it with (otherwise you will receive a name mismatch error). For example, if each of your IIS 7 websites uses a subdomain of a single common domain name (like in the example below), you can get a Wildcard Certificate for *.mydomain.com and it will secure site1.mydomain.com, site2.mydomain.com, etc.
If, on the other hand, your IIS 7 sites all use different domain names (mail.mydomain1.com, mail.mydomain2.com, etc.), you will need to get a Unified Communications Certificate (also called a SAN certificate).
Setting up SSL Host Headers on IIS 7
Obtain an SSL certificate and install it into IIS 7. For step-by-step instructions on how to do this, see Installing an SSL Certificate in Windows Server 2008 (IIS 7.0).
Once the certificate is installed into IIS, bind it to the first site on the IP address.
Open the command prompt by clicking the start menu and typing “cmd” and hitting enter.
Navigate to C:\Windows\System32\Inetsrv\ by typing “cd C:\Windows\System32\Inetsrv\” on the command line.
In the Inetsrv folder, run the following command for each of the other websites on the IP address that need to use the certificate (copy both lines):
appcmd set site /site.name:"<IISSiteName>" /+bindings.[protocol='https',bindingInformation='*:443:<hostHeaderValue>']
Replace <IISSiteName> with the name of the IIS site and <hostHeaderValue> with the host header for that site (site1.mydomain.com)
Test each website in a browser. It should bring up the correct page and show the lock icon without any errors. If it brings up the web page of the first IIS site, then SSL Host Headers haven’t been set up correctly.
in iis 7.5 or newer versions
- Sites > Add Website
- Site Name: example2.com
- Physical Path: select directory
- Binding: same ip as example.com
- Host name: example2.com
then in binding check this for both websites
You can't in IIS7 - each HTTPS binding requires a unique IP/port combination because the Host Header cannot be used to differentiate sites using SSL. This is because the host header is not visible during the SSL handshake.
Your workaround is to differentiate the sites by binding to a different external IP, or by binding to a port other than 443. Both options are less than ideal I know.
There's a great MSDN blog on this.
Fortunately IIS8 appears to have a solution in the form of Server Name Indication (SNI).
Interestingly this is not an IIS quirk, Apache has the same issue, as would any web server before the introduction of SNI.
I currently use IIS 6.0.
I have managed to set up multiple web sites using port 443 and different certificates.
From the IIS manager, go to the web site and edit site bindings.
Simply make sure that the Require Server Name Indication box is ticked and leave the IP address: as All Unassigned.
You now use the same port (443) for multiple sites by selecting the appropriate certificate for the site from the dropdown list of certificates.
We also host multiple sites in port 443 but we need UNIQUE IP addresses for each site.
You cannot bind multiple sites to port 443 using only one IP address.
Unless there is a work-around, but I'm not aware of any.
This article may help:
http://www.harbar.net/articles/ssl.aspx
If you are using a wildcard certificate, just use the format *.domainname.com in the friendly name and the IIS GUI will enable the hostname control for you when you are editing the binding.
Source

SSL for single applicaiton on IIS

I have any ASP.Net application running on IIS 7.5.
How can I incorporate SSL certificate to an single application in a domain.
Example , I have a website as www.mywebsite.com. Now I created another application which can be accessed by typing www.mywebsite.com/newapplication.
Now I could like to have SSL certificate only for www.mywebsite.com/newapplication and NOT FOR www.mywebsite.com.
IS THIS POSSIBLE ...???HOW ??
Thanks for your help
Start by configuring IIS to accept both http (80) and https (443) traffic. Then, configure your SSL certificate at site level. Now for each application that you create within your site (for example, your www.mywebsite.com/newapplication) you can explicitly configure if it requires SSL or not, by checking the Require SSL option under the SSL settings, visible in IIS management console when the application is selected.

Resources