Joel B

Reputation: 882

IIS 7.5 site with SSL fails, site without SSL works

I'm in the process of creating a website using the ASP.Net MVC 4 framework. I'm having difficulty getting SSL working with that (or any sort of basic) site.

I purchased an SSL certificate for the domain in question (let's just call it "example.com"). I have gone into IIS, and have configured the https binding for the Default Web Site for port 443. If I open the non-SSL version of the site, it works. (In this case, the site is the stock, basic IIS start page). If I attempt to access the site over https, it times out and fails to display the page.

I've verified using netsh that port 443 is open, and that there is nothing else listening on the port. I've double-checked to make sure that Windows Firewall is allowing traffic on port 443, and it is. If I fire up Wireshark and listen for traffic on port 443, then attempt to access the web page, I get the following:

[Image: Wireshark capture of the connection attempt on port 443]

I'm not an expert at interpreting these results, but it would seem that something is still blocking the outbound connection. Again, the regular http web page loads fine, but the https version of the same page times out.

I'm about at my wits' end trying to figure this out. Any ideas what might be going on here?

Upvotes: 0

Views: 2252

Answers (2)

Joel B

Reputation: 882

This took a bit of digging, but I finally figured it out.

It would appear that, by default, https access to an Amazon EC2 instance is blocked. This explains why it didn't matter what I did in IIS, it wouldn't work. This would also explain why having the correct binding, having the proper ports open on the firewall, and anything else I tried didn't work. It had to do with Amazon, and how they've got things configured on their end.

To enable traffic on port 443, I did the following:

  1. In the Amazon web console (https://console.aws.amazon.com/ec2), click on the Security Groups link on the left
  2. Under the security group that your instance is running, set up a new Inbound rule to allow HTTPS traffic from any IP.
  3. Set up a new Outbound rule to allow HTTPS traffic to any IP.

It wasn't necessary to delete/recreate/restart the instance. As soon as I applied the rules, I tried hitting the https site in my browser on my local machine, and it worked.

Steffen, thanks for the help.

(Related: HTTPS setup in Amazon EC2)

Upvotes: 0

Steffen Ullrich

Reputation: 123260

Either something is blocking the connections on port 443 on their way to the server or something is blocking the responses. From the Wireshark screenshot I see that the server and your client are in separate networks, so there is obviously at least one router in between, maybe other firewalls too. You might check with traceroute or tracepath how far your request travels (e.g. specify port 80 in one try and port 443 in another try and compare) and where the filtering device might be.

Upvotes: 0
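The port 80 versus port 443 comparison suggested in this answer, applied to the timeout symptom from the question, as a small Python probe. This is an added example, not code from either poster; the default host name `example.com` and the wording of the hints are assumptions.

```python
import socket
import sys

def probe(host, port, timeout=3.0):
    """Return 'open', 'closed' or 'filtered' for one TCP port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # three-way handshake completed
    except ConnectionRefusedError:
        return "closed"          # RST came back: host reachable, no listener
    except socket.timeout:
        return "filtered"        # SYN or SYN/ACK silently dropped on the path
    except socket.gaierror:
        raise                    # name did not resolve: not a filtering result
    except OSError:
        return "filtered"        # host/network unreachable or ICMP rejection

def interpret(results):
    """Map {80: state, 443: state} to the layer worth checking next."""
    http, https = results[80], results[443]
    if https == "open":
        return "443 reachable: look at the TLS layer (certificate, IIS binding)"
    if https == "closed":
        return "443 refused: host reachable, nothing listening (check IIS binding)"
    if http == "open":
        return ("443 dropped while 80 works: a filter in front of the host, "
                "e.g. an EC2 security group without an inbound HTTPS rule")
    return "80 and 443 both dropped: host unreachable or all traffic filtered"

if __name__ == "__main__":
    # Assumption: the host to test is passed as the first argument.
    host = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    results = {port: probe(host, port) for port in (80, 443)}
    print(results)
    print(interpret(results))
```

A timeout on 443 next to a working port 80 is the pattern described in the question: the packets never reach IIS, so changes to bindings or the host firewall have no effect.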
