How to get SSL working

Occasional Visitor

We just purchased an SSL from Comodo. However, when trying to access the site through https the operation always times out, even though http will always work. I figured this was due because of a firewall, however, when I turned off the windows firewall for a test the operation still timed out. I have given what we have in place below (Also note: this problem exists even for an IIS locally created SSL certificate)

 

  • We are using an Azure Virtual Machine using the Windows 2008 R2 Datacenter OS
  • Certificate is bought and signed for the domain "my.closerealty.com"
  • The certificate has been added to IIS's repository of certificates.
  • my.closerealty.com has a binding set for HTTPS (all unassigned IP address) port:443 using the certificate
  • Secure World Wide Web Services (HTTPS) Home/Work(Private) AND Public are both checked in the Windows Firewall
  • World Wide Web Services (HTTPS Traffic-In) rule is enabled for port 443
  • The website and even the IIS7 server itself has been restarted
  • Only 1 Domain uses HTTPS and it also uses HTTP. The domain is declared as "my.closerealty.com" and not "www.closerealty.com" or "closerealty.com" (if this matters)

Any suggestion on what else I need to look at to solve this problem?

 

1 Reply

Assuming the website is written in ASP.NET, you can play around the web.config file by extending the 'executionTimeout' value (i.e. <httpRuntime executionTimeout=""> section in <system.web>).

It would also be good to setup a redirect from http to https (done in web.config, using URL Rewrite module in IIS), or the same can be done with HTTP Redirect in IIS.

Concerning your last bullet point - it doesn't matter if you use subdomains, as a rule, they all should be registered within Comodo (or whatever provider you use).

Returning to the main question, it is hard to say what may go wrong. There is a tool for IIS 7 SSL diagnostics. It will provide you a detailed report of SSL settings. Please use it to determine what's wrong with your settings: https://blogs.msdn.microsoft.com/vijaysk/2009/09/20/ssl-diagnostics-tool-for-iis-7/

 

And the last - bear in mind that opening ports in Windows Server Firewall is not enough, as VM in Azure uses it's own networking settings (network security group). You may need to configure the endpoints to make those ports available to the external world. Have a look at 'Networking' blade in VM settings. That could be the reason ;)