SSL stops working on IIS7 after a reboot
I have a Windows 2008 Server with IIS7. Every time the server reboots, SSL stops working.
Normal HTTP requests work fine, but any request to an HTTPS address gives the typical error message in the browser:
Cannot find server or DNS
I can temporarily fix it by opening IIS Manager and bring up the Bindings… window for the website in question. Then I select “https”, click on “Edit” then click “Ok” without making any changes to the settings. After doing this, browsing to https:// works again until the next reboot.
This issue look as lot like the one described here, but according to the Certificates MMC snapin, the certificate in question does have a private key. I'm also pretty sure that I never installed the certificate in the personal store, but imported it straight into the machine store, but it's been a while...
There's not a lot in the event log apart from the event ID 36870 also described in the post I linked to.
Can anyone help me troubleshoot this issue so that SSL will work even after a server reboot?
Solution 1:
Something else that comes to mind would be a service that is trying to bind to your SSL port during startup. Do you have another SSL site or another server that's trying to listen on that port by any chance? If so, can you temporarily disable that server or switch the site to a different port to see if that allows your SSL site to come up?
Solution 2:
Does your certificate need/require any intermediate certificates that might not have been installed? There are plenty of sites that sell certificates now that are not root authorities, GoDaddy is a good example. In addition to your certificate you ahve to install their intermediate certificates for the chain of authority. Have you verified that you do not need these and/or they are installed if you do? Also, how is your current binding configured - do you have an IP specified and/or a hostname specified? If not have you tried specifying either one or both of those in your binding? That would really be more of a workaround than a resolution, but it could clarify if something like squillman stated was the case, and if it worked would also confirm your statement that your private key/certificate store are not corrupt.
Solution 3:
This was the solution for me:
http://blogs.msdn.com/b/asiatech/archive/2013/03/25/case-study-ssl-does-not-work-in-iis-7-5-after-server-reboots.aspx
Delete the certificate from the computer store and import it again. Don't drag and drop it from the user store.