I have been trying to install a UCC SSL certificate from Godaddy on our servers. I have been able to successfully create the CSR on the main server (IIS6) and had it approved by Godaddy. Then for testing purposes I added another domain to the certificate and exported it onto our test server. The test server is newer and has IIS7 but getting the certificate to install and work was a relatively painless process when following the instructions provided on the Godaddy site.
This is where I start to run into problems. My next step was to attempt to get HTTPS going on our main server with another one of our test sites. I followed the same process and added the new domain to the certificate and had it approved. Then I went back onto the server and followed the instructions provided by Godaddy for iis6 installation. The only problem is, it doesn't work.
If I try to surf to the site using HTTPS Firefox gives an unable to connect error (Fiddler says this is a 502 error).
I've tried netstat and I can see that localhost is listening on port 443.
I've checked the firewall and can see that an exception exists for this port.
I can telnet to the server on that port from my local machine.
I've tried using a specific IP and using * All Unassigned *.
I've tried using a different port (added an exception on the firewall for it and put the port in the url).
I've tried running this from the command line: cscript.exe adsutil.vbs set /w3svc//SecureBindings ":443:"
I've checked that the certificate has a private key.
I've gone looking for the logs but the ones I have found don't tell me anything about why the page is failing to load.
So far nothing has worked. It is beyond me why something that "just works" in iis7 seems so frustratingly difficult in iis6.
So I guess my question is, what else can I try and/or how do debug this?
Normally just works.
Does https to the IP address work from a browser on the local computer? (ignoring any "cert name invalid" errors). You could also try WFETCH from a client computer or the server (part of the IIS 6 Resource Kit tools - it's not susceptible to proxy hijacking and weirdo WinInet behaviour - like Telnet).
Also, keep in mind that a 502 can be a proxy error - you may need to add the site to the proxy exceptions list if it's an FQDN (both on the clients and the server itself), or the browser might be trying to go the long way around to something that might not exist yet.