SSL Certificate Stops Working after Server Reboot on IIS7, W2K8


Solution 1

We found a solution from HERE:

After the machine is rebooted, go to the IIS Manager and bring up the Bindings… window for the website in question. Then, select “https”, click on “Edit” then click “Ok” without making any changes to the settings. After doing this, browsing to https:// should now be successful.

We still need to do this after every reboot unfortunately, but at least we have working SSL!

Solution 2

We have noticed the same issue. After each server restart the SSL certificates are removed. The warning in the EventLog appears on our machines right after the start of TrendMicro OfficeScan. But even uninstalling the virus scanner did not change anything. The problem persists after each restart.

Our research ended with confirmation that all settings are done correctly in the registry and in "applicationHost.config" at "C:\Windows\System32\inetsrv\config\". But after a restart this file is modified and the certificate assignment is removed. (Perhaps someone can find the real reason from here.)

Our conclusion was to make a workaround. With this instruction we created a PowerShell script to assign the certificate again: http://www.iis.net/learn/manage/powershell/powershell-snap-in-configuring-ssl-with-the-iis-powershell-snap-in This is then set to be executed automatically on computer start (in elevated mode!).

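# Load the IIS provider and switch to the SSL bindings drive
Import-Module WebAdministration
Set-Location IIS:\SslBindings
# Bind the certificate from the WebHosting store to port 443 on all IPs
Get-Item "cert:\LocalMachine\webHosting\*" | New-Item 0.0.0.0!443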

Depending on your certificate store you need to adapt the location. In case you have multiple certificates you need to add a "-filter" to select the right one. (The above sample is for setting the certificate on port 443 for all IPs "*".)

Hope this helps other people running into this stupid issue. We got this on "Win2012 Server" with IIS8 in the year 2016(!) - the same problem still persists!
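
A more defensive version of the startup re-bind, as an added example that is not part of the original answer: it pins the certificate by thumbprint instead of binding whatever the store wildcard returns, checks the private key and validity window, and only rewrites the binding when it is missing or points at a different certificate. The thumbprint is a placeholder to fill in; the WebHosting store and the 0.0.0.0!443 binding are taken from the sample above.

```powershell
# Added example: idempotent SSL re-bind for a startup task (run elevated).
# $Thumbprint is a placeholder; $Store and $Binding follow the answer's sample.
param(
    [string]$Thumbprint = '<CERT-THUMBPRINT-PLACEHOLDER>',
    [string]$Store      = 'WebHosting',
    [string]$Binding    = '0.0.0.0!443'
)
$ErrorActionPreference = 'Stop'

# Changing SSL bindings needs an elevated session; fail early if it is not.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'This script must run elevated.'
}

Import-Module WebAdministration

# Pin the exact certificate so a stray or test cert in the same store
# can never be bound by accident.
$cert = Get-Item "Cert:\LocalMachine\$Store\$Thumbprint"
if (-not $cert.HasPrivateKey) {
    throw "Certificate $Thumbprint has no private key; the HTTPS handshake would fail."
}
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate $Thumbprint is outside its validity window ($($cert.NotBefore) to $($cert.NotAfter))."
}

# Inspect the current binding, if any, before touching it.
$path     = "IIS:\SslBindings\$Binding"
$existing = Get-Item $path -ErrorAction SilentlyContinue

if ($existing -and $existing.Thumbprint -eq $cert.Thumbprint) {
    Write-Output "Binding $Binding already uses $Thumbprint; nothing to do."
    return
}
if ($existing) {
    # A binding exists but points at a different certificate: replace it.
    Write-Output "Binding $Binding uses $($existing.Thumbprint); replacing."
    Remove-Item $path
}

$cert | New-Item $path | Out-Null
Write-Output "Bound $Thumbprint ($($cert.Subject)) to $Binding."
```

The "nothing to do" versus "replacing" output, captured from the scheduled task, also records on which reboots the binding was actually lost.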

Author: bharath
Updated on September 18, 2022

Comments

  • bharath
    bharath over 1 year

    We recently upgraded from W2K3/IIS6 to W2K8/IIS7 and have been having problems with our SSL Certificate (Thawte 123 SSL certificate) ceasing to work after rebooting.

    Initially, the intermediate certificates would stop working and we could repair the problem by reinstalling all of them after the reboot (annoying, but not the end of the world). Unfortunately, this is no longer working. The certificate chain has been double-checked by several tools and people with decent knowledge but no one has been able to identify the cause of the problem.

    The bindings in IIS have been checked as well.

    The cert itself is also still valid.

    NOTE 1: I have seen THIS question which seems to be very similar, but there is no satisfactory answer in that post and it's a year old so not likely to get one any time soon.

    NOTE 2: I'm asking this on behalf of a co-worker so won't be able to provide instant feedback to any questions/suggestions but I will pass it on.

    The url is:

    http://www.flirtalike.com / https://www.flirtalike.com


  • TomTom
    TomTom almost 12 years
    Gosh, that sucks. Have you opened a support ticket with Microsoft for that? This smells like a bug. Worth a hotfix. I would put it Prio A - a power failure - reboot - renders servers unusable, possibly at a BAD time. Cries for a hotfix.
  • bharath
    bharath almost 12 years
    Thanks for the reply Pavel. Unfortunately, we won't be able to try this solution - my colleague tells me that we ended up getting an alternative certificate which no longer gives us any problems.
  • bharath
    bharath almost 11 years
    Hehe, you're probably right @TomTom - however this happened over a year ago and we haven't been using that server for at least 6 months of that year. In other words, it's completely impossible for us to reproduce. Next time...
  • bharath
    bharath almost 11 years
    Oh right, you asked that in 2012. I guess that happens when you review your profile once per year because you don't spend much time on Serverfault...
  • Eduardo Xavier
    Eduardo Xavier almost 5 years
    Hi @Zac, when you said "alternative certificate", did you mean you got one from a different provider? I mean, you were using COMODO before and then started to use another company?