We have a Web Role running on Azure, the Service is running multi Domains on the service. Each Domain has its own certificate defined in the IIS supporting HTTPS connections.
It all worked correctly for months but yesterday it all broke, the IIS started serving the same certificate for all our domains. Is there a way to fix it?
Check out if you bind by mistake a certificate to the machine ip and not to a host.
Related
My setup:
Azure Vm : Windows server 2008
IIS 7.5
I have purchased a domain from godaddy and pointed it to the Azure VPS. Initially the website was running on IIS using http on port 80. I have purchased SSL from godaddy using CSR and installed them as following
Intermediate certificate using MMC
Server certificate using IIS
Then I bind the certificate with my website using https on port 443, but when I visited my website it's not loading up it on https and gives an error "This site can't be reached. I have also checked secure world wide web and https is checked in my firewall settings.
I solved it by
Goto your Azure VM
In Azure VM -> Find Endpoints
Click on Add endpoint
Add endpoint for you port (in my case 443) and give it a name ( e.g https)
Save
Done
Assuming a Windows Server 2012 VPS:
It seems that many tutorials include the setting up of DNS Server (setup of forward lookup zones, and A record) as part of the basic steps to deploy and run an ASP.NET web application on IIS.
I'm slightly confused, because within IIS manager you can set the bindings ( IP address, URL, SSL, port) of a web application. Wouldn't this alone not suffice to correctly route incoming requests to the correct web application?
What would be the advantage to running DNS Server?
IIS Manager can only manage IIS related Windows settings, but to make a site work you need much more settings than that.
DNS settings are critical to direct web browsers to your side. Nobody uses IP addresses to access a site, so a typical URL uses domain name. That requires DNS to translate the domain name to an IP address so that browsers can send HTTP packets to the proper location.
IIS Manager could not manage that for you, as which DNS product to use or how to configure it is usually vendor specific and out of IIS's scope.
I have an asp.net web app deployed on IIS7. I call the webapp AOps and When I try accessing the web app over https it just crashes saying "Security sertificate required to access this resource is invalid" (first image).
When I try over http the download works fine.
When I access the default IIS app over both http and https it works fine - except that it complains that the address is mismatched.
I have added a .pfx certificate in the certificate store with the same host name as my host, so the certificate should be fine. Any idea where to start reviewing my configuration?
I am used to apache and tomcat but IIS is a different animal. I looked in the IIS log but it's pretty much a black box. Any help would be greatly appreciated.
The certificate error is generated by your browser not the server. There are 3 things the browser cares about.
The name on the certificate needs to match the url you are using. So in your case, the browser wants a certificate issued to "localhost"
The certificate has to be issued by a trusted certificate authority (not self-signed)
The certificate cannot be expired
To solve 1, use a host entry in /etc/hosts. To solve 2, you need to add the certificate to trusted CA store on your local machine. And 3 is pretty obvious.
I am facing the following issue.
1 - I have deployed WCF service with SSL enabled on remote IIS machine and trying to use it from my web client.The problem is my browser is not allowing this service to be called.Before using my web client i have to hit the service url from my browser directly and then allow the certificate.
2- Got suggestion from somewhere to export the certificate on the machine where WCF is deployed and include that certificate file in Trusted certificates group on my machine.After I did that I got same problem when tried to access web service from web client.So I hit the service url from browser and got the same page which needs me to trust the certificate with a different message that "You attempted to reach 111.121.196.226(ip address of the WCF machine), but instead you actually reached a server identifying itself as "WMSvc-domain" where "WMSvc-domain" is the value of "Issued To" field in the certificate.
I hope I have made myself clear.Waiting for suggestions.Thank you.
WMSvc-machinename is the IIS Windows Management Service which runs by default on 8172/tcp and is used for remotely managing iis. When installed the default is to create a self-signed certificate. That wouldn't trusted. It could be replaced with a "proper" CA signed cert through the Management Service icon in IIS Manager.
I have any ASP.Net application running on IIS 7.5.
How can I incorporate SSL certificate to an single application in a domain.
Example , I have a website as www.mywebsite.com. Now I created another application which can be accessed by typing www.mywebsite.com/newapplication.
Now I could like to have SSL certificate only for www.mywebsite.com/newapplication and NOT FOR www.mywebsite.com.
IS THIS POSSIBLE ...???HOW ??
Thanks for your help
Start by configuring IIS to accept both http (80) and https (443) traffic. Then, configure your SSL certificate at site level. Now for each application that you create within your site (for example, your www.mywebsite.com/newapplication) you can explicitly configure if it requires SSL or not, by checking the Require SSL option under the SSL settings, visible in IIS management console when the application is selected.