I’ve recently run into a peculiarity with getting SSL set up for an existing WSS 3.0 site: They quit working after I run IISRESET. While there have been many different blog posts out there seemingly with the right answer, they haven’t worked 100% in my case. Below is what I have discovered to work along with some caveats and gotchas.
- WSS 3.0
- IIS 6.0 (Win2k3 x64)
- Two different Web Applications with different URLs
- On Advantage Cert from Entrust (allows registering of two SSL CERTS)
- Server is in a workgroup. It is a standalone server. No other servers in farm.
The Current Solution:
To the existing SharePoint Web Application in IIS:
This is a fully functional SharePoint site that had been running in BETA w/o SSL. Now that we are moving to production, it makes sense to secure it using SSL… All of the settings below were done through IIS except where otherwise specified.
- Added a valid CERT to the current web application of the SP Site in IIS (in this case, SharePoint – 80)
- Changed its default port from 80 to 81
- There are no host headers on my SharePoint – 80 site
On the Cert properties (Directory Security > Edit (the cert)):
- Require Secure Channel
- Require 128-bit encryption
Directory Security Tab > Edit (Authentication and Access Control):
- Enable Anonymous Access (leave the username/password default)
- Changed Authenticated Access to Basic Authentication (password sent in clear text)
- Put the computer name in the “Default Domain” field
In SharePoint Central Administration, I’ve set the following Alternate Access Mappings (SCA > Operations > Alternate Access Mappings)
Create a Redirection Website in IIS:
Created a new IIS website called Port80Redirect:
- Added host headers on port 80 to my site
- Home Directory set as “A Redirection URL”
- Entered the https:// URL to my site
With the current settings mentioned above, and without running IIS Reset… the SharePoint site works as expected. Any attempts to access the site via http:// will redirect the user to https:// so users don’t get the error message that they must enter the address as HTTPS.
I repeated these steps above for my second web application (I have two different web apps… essentially hosting two different web sites)
IISRESET breaks the sites:
If I run IISRESET, BOTH sites become inaccessible.
- IE 8 and 9 report “Internet Explorer cannot display the web page.” No error numbers of any sort (useless error!)
- Chrome reports Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.
The only way I’ve found as a workaround is to add a host header to the main site (currently set to port 81), then remove it.
This seems to trick IIS into working again – FOR BOTH SITES!
It is as if making some sort of change to any of the sites in IIS fixes things (although I’ve only attempted to change the main site, since that is what I was initially troubleshooting).
This is a predictable and repeatable problem and workaround.
Any comments or insights as to why this happens will be greatly appreciated. I am sure there is an obvious answer, especially regarding how to work with SSL Certs and IIS 6.0; but with Google and Bing as my textbooks (no other proper training), and my gut instincts as my tools, this is what I’ve been able to figure out.
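An added check, not part of the original post: with two SSL-enabled web applications and two redirect sites on one standalone server, it is worth confirming that no two IIS sites claim the same IP:Port:Host binding. The example below parses binding strings in the IIS 6 metabase ServerBindings/SecureBindings format; the site names, ports and host headers in SAMPLE_SITES are constructed assumptions, since the post does not list the second site's values.

```python
from collections import defaultdict

# Constructed sample, not the author's real values: one reading of the post's
# steps applied to both web applications (names, ports, hosts are assumptions).
SAMPLE_SITES = {
    "SharePoint - 80": {"ServerBindings": [":81:"], "SecureBindings": [":443:"]},
    "Second web app": {"ServerBindings": [":82:"], "SecureBindings": [":443:"]},
    "Port80Redirect": {"ServerBindings": [":80:site1.example.com"]},
    "Port80Redirect2": {"ServerBindings": [":80:site2.example.com"]},
}

def parse_binding(text):
    """Split an IIS 6 binding string 'IP:Port:Host' into (ip, port, host)."""
    parts = text.strip().split(":")
    if len(parts) != 3 or not parts[1].isdigit():
        raise ValueError(f"not an IP:Port:Host binding: {text!r}")
    ip, port, host = parts
    # An empty IP means "All Unassigned"; host headers are case-insensitive.
    return (ip or "*", int(port), host.lower())

def find_conflicts(sites):
    """Map each binding claimed by two or more sites to the sorted site names.

    Only exact IP/port/host matches count; a specific IP and the wildcard
    are treated as different bindings.
    """
    owners = defaultdict(set)
    for name, props in sites.items():
        for prop in ("ServerBindings", "SecureBindings"):
            for raw in props.get(prop, []):
                owners[parse_binding(raw)].add(name)
    return {b: sorted(names) for b, names in owners.items() if len(names) > 1}

def report(sites):
    """Return one human-readable line per conflicting binding."""
    return [
        f"{ip}:{port}:{host or '(no host header)'} claimed by {', '.join(names)}"
        for (ip, port, host), names in sorted(find_conflicts(sites).items())
    ]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_SITES)) or "no duplicate bindings")
```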