How to enable https in IIS?

Question

1. I have applied a free certificate for my website and successfully installed the certificate in the certificate store. And the CN is the same as my domain(issued to mydomain).

2. I also set up the site bindings and added an https binding using the free certificate.

3. The port 443 is opened for both inbound and outbound.

4. Windows Network Troubleshooting detected the resource(my domain) is online but isn't responding to connection attempt.

But I still get ERR_CONNECTION_TIMED_OUT error from the browser.

Did I miss any steps? How could I enable the https in IIS?

UPDATE 11/14/2018

I have run bindings diagnostics and SSL diagnostics using JexusManager suggested by @Lex Li, and got more information as below:

Binding Diagnostics:

BINDING: https *:443:whatever.com

This site can take external traffic if,

• TCP port 443 must be opened on Windows Firewall (or any other equivalent products).

• Requests from web browsers must be routed to following end points on this machine,

  • [::1]:443.
  • My.private.IP.address:443.

This site can take local traffic at 127.0.0.1:443.

This site can take local traffic at [::1]:443.

• Web browsers should use URL https://whatever.com:443. Requests must have Host header of "whatever.com". Start DNS query for whatever.com. DNS Query returns 1 result(s).
  • 127.0.0.1

Binding Diagnostics does not verify certificates and other SSL/TLS related settings.

Please run SSL Diagnostics at server level to analyze SSL/TLS configuration.

And then I ran SSL diagnostics as below:

BINDING: https *:443:whatever.com

SSLCertHash: 2962cd5b2b450403bce520169c268de1f17a6216

SSL Flags: None

Testing EndPoint: 127.0.0.1

CertName: whatever.com

Version: 3

You have a private key that corresponds to this certificate.

Signature Algorithm: sha256RSA

Key Exchange Algorithm: RSA-PKCS1-KeyEx Key Size: 2048

Subject: CN=whatever.com

Issuer: CN=TrustAsia TLS RSA CA, OU=Domain Validated SSL, O="TrustAsia

Technologies, Inc.", C=CN

Validity: From 11/11/2018 4:00:00 PM To 11/12/2019 4:00:00 AM

Serial Number: 0B365B8ABC8118CD7F818FD5B7BB485C

DS Mapper Usage: Disabled

Archived: False

Subject Alternative Name: DNS Name=whatever.com DNS Name=www.whatever.com

Key Usage: KeyEncipherment, DigitalSignature

Enhanced Key Usage: Server Authentication (1.3.6.1.5.5.7.3.1),Client

Authentication (1.3.6.1.5.5.7.3.2)

Basic Constraints: Subject Type=End Entity, Path Length Constraint=None

Certificate verified.

And, I also have run an SLL Checker and it returns:

whatever.com resolves to My.Public.IP.Address

Server Type: Microsoft-IIS/8.5

No SSL certificates were found on whatever.com. Make sure that the name resolves to the correct server and that the SSL port (default is 443) is open on your server's firewall.

The certificate passed the SSL Diagnostics but it has some problem. I didn't get it. How could I enable https protocol for my site? Many thanks!

Answer 1

Problem solved.

As @John Wu said, this is not a programming problem but a network gateway problem.

First, the certificate has no problem and so does the server/firewall setting.

The problem occurred in the network gateway of the cloud service provider that blocked the 443 port inbound and outbound. In my case, I am using AliCloud server and it blocked every request which went through 443 port from the public network. And this is why I could only get access to the SSL website through the browser on the server.

The solution is very simple. The only thing needs to do is to inform the cloud service provider to open the 443 port. In my case, I just added the 443/443 port authorization in the control panel of the cloud servers and then everything fixed.