SSL Certificate Stops Working after Server Reboot on IIS7, W2K8

We recently upgraded from W2K3/IIS6 to W2K8/IIS7 and have been having problems with our SSL Certificate (Thawte 123 SSL certificate) ceasing to work after rebooting.

Initially, the intermediate certificates would stop working and we could repair the problem by reinstalling all of them after the reboot (annoying, but not the end of the world). Unfortunately, this is no longer working. The certificate chain has been double-checked by several tools and people with decent knowledge, but no one has been able to identify the cause of the problem.

The bindings in IIS have been checked as well.

The cert itself is also still valid.

NOTE 1: I have seen THIS question which seems to be very similar, but there is no satisfactory answer in that post and it's a year old so not likely to get one any time soon.

NOTE 2: I'm asking this on behalf of a co-worker so won't be able to provide instant feedback to any questions/suggestions but I will pass it on.

The url is:

http://www.flirtalike.com / https://www.flirtalike.com



We found a solution from HERE:

After the machine is rebooted, go to the IIS Manager and bring up the Bindings… window for the website in question. Then, select “https”, click on “Edit” then click “Ok” without making any changes to the settings. After doing this, browsing to https:// should now be successful.

We still need to do this after every reboot unfortunately, but at least we have working SSL!


We have noticed the same issue. After each server restart the SSL certificates are removed. The warning in the Event Log appears on our machines right after the start of TrendMicro OfficeScan. But even uninstalling the virus scanner did not change anything. The problem persists after each restart.

Our research ended with confirmation that all settings are done correctly in the registry and in "applicationHost.config" at "C:\Windows\System32\inetsrv\config\". But after a restart this file is modified and the certificate assignment is removed. (Perhaps someone can find the real reason from here.)

Our conclusion was to make a workaround. With these instructions we created a PowerShell script to assign the certificate again: http://www.iis.net/learn/manage/powershell/powershell-snap-in-configuring-ssl-with-the-iis-powershell-snap-in This is then set to be executed automatically on computer start (in elevated mode!).

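    # Load the IIS provider and switch to the SSL bindings node (run elevated)
    Import-Module WebAdministration
    Set-Location IIS:\SslBindings
    # Bind the certificate from the WebHosting store to port 443 on all IPs
    Get-Item "cert:\LocalMachine\webHosting\*" | New-Item 0.0.0.0!443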

Depending on your certificate store you need to adapt the location. In case you have multiple certificates you need to add a "-filter" to select the right one. (The above sample is for setting the certificate on port 443 for all IPs "*".)

Hope this helps other people running into this stupid issue. We got this on "Win2012 Server" with IIS8 in the year 2016(!) - the same problem still persists!
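
An idempotent variant of the startup workaround above, as an added example that is not part of the original answers: it selects one certificate by thumbprint instead of piping the whole store, checks that the certificate is usable, and only rewrites the binding when it is missing or points at a different certificate. The thumbprint placeholder and the parameter names are assumptions; the store and binding values are the ones used in the answer.

```powershell
# Added example: re-bind one specific certificate at startup (run elevated).
# $Thumbprint is a placeholder; $StoreName and $Binding follow the answer above.
param(
    [string]$Thumbprint = '<CERT-THUMBPRINT-PLACEHOLDER>',
    [string]$StoreName  = 'WebHosting',
    [string]$Binding    = '0.0.0.0!443'
)

$ErrorActionPreference = 'Stop'
Import-Module WebAdministration

# Pick exactly one certificate rather than every certificate in the store.
$cert = Get-ChildItem "Cert:\LocalMachine\$StoreName" |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) { throw "Certificate $Thumbprint not found in LocalMachine\$StoreName" }

# Refuse to bind a certificate that cannot serve TLS.
if (-not $cert.HasPrivateKey) { throw "Certificate $Thumbprint has no private key" }
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))"
}

$path = "IIS:\SslBindings\$Binding"
if (Test-Path $path) {
    $current = Get-Item $path
    if ($current.Thumbprint -eq $cert.Thumbprint) {
        Write-Output "Binding $Binding already uses $Thumbprint; nothing to do."
        return
    }
    # A different certificate is bound: replace it instead of failing on New-Item.
    Remove-Item $path
}

$cert | New-Item $path | Out-Null
Write-Output "Bound $Thumbprint to $Binding."
```

Because the script exits without changes when the binding is already correct, its output on each boot also shows whether the assignment was actually lost during the restart.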