ENVIRONMENT
Windows Server 2008 Standard
IIS7
Site1 = asp.net, .net framework 3.5 (2.0) https, IP1 , API, standard ssl certificate
Site2 = asp.net, .net framework 4.0, https, IP2, API, wildcard ssl certificate
Site3 = asp.net, .net framework 4.0, https, IP3, APP, wildcard ssl certificate
Server is set to auto download, install, reboot MS patches.
Please note HTTP to HTTPS redirect is defined in web.config files for SITE2 and SITE3 using this RULE (sorry for poor formatting of XML below):
rewrite
rules
rule name="HTTP to HTTPS redirect" stopProcessing="true"
match url="(.*)" />
conditions
add input="{HTTPS}" pattern="off" ignoreCase="true" /
conditions
action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}{REQUEST_URI}" /
rule
rules
rewrite
I do not think this is related however but added to explain this is why i have not tested access to SITE2 and SITE3 during the outage via HTTP.
PROBLEM
When the server restart access to SITE1 is ok (https).
When the server restart access to SITE2 is no longer available (https).
When the server restart access to SITE3 is no longer available (https).
Please note all other HTTP sites are ok.
All other HTTPS sites using own IPs and .net 2.0 are ok.
SOLUTION
Load IIS7
Select SITES
Select SITE2
Select BINDINGS
Remove BINDING NAME "https , SITE1 host header, 443, IP2"
CLOSE
Restart Site
Select BINDINGS
Add BINDING NAME "https , SITE1 host header, 443, IP2" and select certificate.
CLOSE
SITE is then available again.
Repeat for any other effected sites.
QUESTIONS
I have alerts defined checking each page for availability so its easy to detect, response and resolve this issue .... BUT:
1) Why is it happening ? (only things different between site1 and site 2/3 are the wildcard certificate, the .net4.0 framework, different IPs and the site 2/3 http to https redirect in the web.config file.
2) How can i resolve this or at least diagnose the issue further?
Application and System Event Logs are are not displaying anything of note.
Thanks for any help
Scott
re add ssl certificate back.
Problem exist when certificate is copy and pasted and NOT imported.
NEVEWR copy and PASTE a SSL certificate.
Thus, II7 SSL will Always restart after you do the following. :)
Thank you for the reply.
Have tried EXPORT / IMPORT via MMC Certificate SNAP IN as opposed to IIS. I believe this will resolve any permission related issues. Will update this post with the results in a month.
Start > Run
Type in MMC and click OK
Go into the File Tab > select Add/Remove Snap-in
Click on Certificates and click on Add.
Select Computer Account > Click Next
Select Local Computer > Click Finish
Click OK to close the Add/Remove Snap-in window.
Double click on Certificates (Local Computer) in the center window.
Double click on the Personal folder, and then on Certificates.
Right Click on the Certificate you would like to backup and choose > ALL TASKS > Export
Follow the Certificate Export Wizard to backup your certificate to a .pfx file.
Choose to 'Yes, export the private key'
Choose to "Include all certificates in certificate path if possible." (do NOT select the delete Private Key option)
Enter a password you will remember
Choose to save file on a set location
Finish
You will receive a message > "The export was successful." > Click OK
The .pfx file backup is now saved in the location you selected.
Start > Run
Type in MMC and click OK
Go into the File Tab > select Add/Remove Snap-in
Click on Certificates and click on Add.
Select Computer Account > Click Next
Select Local Computer > Click Finish
Click OK to close the Add/Remove Snap-in window.
Double click on Certificates (Local Computer) in the center window.
Right click on the Personal Certificates Store (folder)
Choose > ALL TASKS > Import
Follow the Certificate Import Wizard to import your Primary Certificate from the .pfx file.
You will need to browse for .pfx files.
Enter the password that was used when exporting the certificate to a .pfx file.
If desired, check the box to "Mark this key as exportable."
When prompted, choose to automatically place the certificates in the certificate stores based on the type of the certificate.
Click Finish to close the certificate wizard. Close the MMC console.
REF: http://www.digicert.com/ssl-support/pfx-import-export-iis-7.htm