SSL stops working on IIS7 after a reboot


Solution 1

This was the solution for me:

http://blogs.msdn.com/b/asiatech/archive/2013/03/25/case-study-ssl-does-not-work-in-iis-7-5-after-server-reboots.aspx

Delete the certificate from the computer store and import it again. Don't drag and drop it from the user store.

Solution 2

Does your certificate need/require any intermediate certificates that might not have been installed? There are plenty of sites that sell certificates now that are not root authorities, GoDaddy is a good example. In addition to your certificate you have to install their intermediate certificates for the chain of authority. Have you verified that you do not need these and/or they are installed if you do? Also, how is your current binding configured - do you have an IP specified and/or a hostname specified? If not have you tried specifying either one or both of those in your binding? That would really be more of a workaround than a resolution, but it could clarify if something like squillman stated was the case, and if it worked would also confirm your statement that your private key/certificate store are not corrupt.

Solution 3

Something else that comes to mind would be a service that is trying to bind to your SSL port during startup. Do you have another SSL site or another server that's trying to listen on that port by any chance? If so, can you temporarily disable that server or switch the site to a different port to see if that allows your SSL site to come up?
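
The checks suggested in the three answers above, gathered into one read-only PowerShell script. This is an added example, not part of the original posts; the thumbprint placeholder and port 443 are assumptions, and it is meant to be run from an elevated prompt on the affected server.

```powershell
# Added example: read-only checks for the suggestions in the answers above.
$Thumbprint = '<CERT-THUMBPRINT>'   # placeholder: thumbprint of the certificate bound to the site
$Port       = 443                   # assumption: the HTTPS binding uses the default port

# Solution 1: the certificate should sit in the machine store with its key in the machine key store.
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) { Write-Warning 'Certificate not found in LocalMachine\My'; return }
"Subject         : $($cert.Subject)"
"HasPrivateKey   : $($cert.HasPrivateKey)"
if ($cert.HasPrivateKey) {
    try {
        # HasPrivateKey only says a key is referenced; opening it shows the container is reachable.
        $info = $cert.PrivateKey.CspKeyContainerInfo
        "MachineKeyStore : $($info.MachineKeyStore)   (False = key is stored in a user profile)"
        "Key container   : $($info.UniqueKeyContainerName)"
    } catch {
        Write-Warning "Private key could not be opened: $($_.Exception.Message)"
    }
} else {
    Write-Warning 'No private key is associated with this certificate'
}

# Solution 2: does the chain build, i.e. are the intermediate certificates available?
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # test chain construction only, no CRL/OCSP lookups
"Chain builds    : $($chain.Build($cert))"
$chain.ChainElements | ForEach-Object { "  element: $($_.Certificate.Subject)" }
$chain.ChainStatus   | ForEach-Object { "  status : $($_.Status) $($_.StatusInformation)" }

# Solution 2: which certificate hash HTTP.sys has registered for each IP:port binding.
netsh http show sslcert

# Solution 3: who is listening on the HTTPS port. IIS listens through HTTP.sys,
# so PID 4 (System) is expected; any other PID is a different process holding the port.
netstat -ano | Select-String ":$Port\s" | Select-String 'LISTENING'

# The Schannel event mentioned in the question, most recent first.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 36870 } -MaxEvents 5 -ErrorAction SilentlyContinue |
    Format-List TimeCreated, Message
```

Running it once right after a reboot and once after the manual binding edit gives two outputs to compare.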

Author: Mark Seemann

Programmer/architect. Author of Dependency Injection Principles, Practices, and Patterns. Creator of AutoFixture.

Updated on September 17, 2022

Comments

  • Mark Seemann over 1 year

    I have a Windows 2008 Server with IIS7. Every time the server reboots, SSL stops working.

    Normal HTTP requests work fine, but any request to an HTTPS address gives the typical error message in the browser:

    Cannot find server or DNS

    I can temporarily fix it by opening IIS Manager and bringing up the Bindings… window for the website in question. Then I select “https”, click on “Edit”, then click “Ok” without making any changes to the settings. After doing this, browsing to https:// works again until the next reboot.

    This issue looks a lot like the one described here, but according to the Certificates MMC snap-in, the certificate in question does have a private key. I'm also pretty sure that I never installed the certificate in the personal store, but imported it straight into the machine store, but it's been a while...

    There's not a lot in the event log apart from the event ID 36870 also described in the post I linked to.

    Can anyone help me troubleshoot this issue so that SSL will work even after a server reboot?

    • bharath over 12 years
      Hi Mark, I know that this is a really, really, old question now - but is there any chance you remember finding a solution to this problem and what it might be? We're experiencing the same thing as per: serverfault.com/questions/339323/….
    • Mark Seemann over 12 years
      No, sorry, I never found a solution... I have to go and manually fix the SSL configuration after each server reboot :(
    • bharath over 12 years
      Ah, that's a pain. If I get a good answer on my post I'll try to remember to post it here as well.
    • bharath over 12 years
      Well, we've found a solution for our problem - but we got it from the link you posted above so I guess it won't be able to help you. Good luck...
    • bharath over 12 years
      Actually, this now leaves us in your situation - we will still have to do this every time we reboot...
  • Mark Seemann almost 14 years
    Yes, that's a fair guess, but I don't think that's the issue. The problem only started after I changed the certificate. I'd been running for 2 years without incident with an older certificate, but it expired and I had to renew it. I also can't think which other service that would be. +1 for a good suggestion, though :)