Installing SSL on a Network Cluster

0

I am trying to install an SSL certificate on a distributed Windows cluster consisting of a domain controller and several web servers. Normally, on a setup where there's just a webserver, this has been an easy task, but with the current setup, I have been unable to access the site from outside the cluster.

I requested and installed the certificate on the webserver, then exported it and installed it on other web servers and the domain controller (following Microsoft’s How to load balance a Web server farm by using one SSL certificate in IIS 6.0 and in IIS 5.0). On the webserver, the site works as an SSL site visible via https on the internet. But outside the system it does not. telnet IP:port also does not go through to the controller. Here’s the command I issue:

telnet xxx.xxx.xxx.196 443
Connecting To xxx.xxx.xxx.196...Could not open connection to the host, on port 443 : Connect failed

I checked Windows firewall (which is not even turned on) and followed instructions at community.spiceworks.com/topic/… to add 443:

netsh advfirewall firewall add rule name="Open 443" dir=in action=allow protocol=TCP localport=443

Same for the out. But still it does not work.

What step am I missing?

user39818

Posted 2017-09-11T16:27:44.587

Reputation: 1

If you can’t even telnet to port 443, it sounds like your problem is with a firewall or something comparable, and not with SSL. You might get more relevant and specific help if you stated explicitly what command you are doing (I assume you are trying port 443) and exactly what happens when you do it. – G-Man Says 'Reinstate Monica' – 2017-09-11T16:49:08.307

Thanks for the response G-Man. Here's the command I issue:

telnet xxx.xxx.xxx.196 443

Connecting To xxx.xxx.xxx.196...Could not open connection to the host, on port 443 : Connect failed

I checked Windows firewall (which is not even turned on) and followed instructions here to add 443: https://community.spiceworks.com/topic/2012515-i-cant-open-port-443-on-windows-server-2012-r2

netsh advfirewall firewall add rule name="Open 443" dir=in action=allow protocol=TCP localport=443

Same for the out.

But still it does not work.

– user39818 – 2017-09-11T22:17:36.463

I edited your updated information into your question; please check it and fix it (by clicking on [edit]) if I got it wrong.  This might attract a little more attention.  If you don’t get an answer in another couple of days, I suggest that you (1) visit [SF], see whether it looks like a community that might be able to answer your question.  If it does, (2) read their community guidelines to see what they expect in a question, (3) edit your question (if necessary) to meet those guidelines, and (4) flag for moderator attention, and ask to have your question migrated. – G-Man Says 'Reinstate Monica' – 2017-09-16T20:19:48.657

No answers
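
Added example, not part of the original post or its comments: telnet's "Connect failed" does not say whether the connection was refused or silently dropped, nor whether the certificate is involved at all, so this PowerShell function checks the TCP layer first and the TLS handshake only afterwards. The function name `Test-TlsEndpoint`, its parameters, and the address and host name in the last line are assumptions chosen for illustration.

```powershell
# Added example. Classifies a failed connection by layer: TCP first, then TLS.
function Test-TlsEndpoint {
    param(
        [Parameter(Mandatory = $true)] [string] $Address,     # IP or name to connect to
        [Parameter(Mandatory = $true)] [string] $TargetName,  # name the certificate was issued for
        [int] $Port = 443,
        [int] $TimeoutMs = 5000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Layer 1: a plain TCP connect, the same test telnet performs.
        try {
            if (-not $client.ConnectAsync($Address, $Port).Wait($TimeoutMs)) {
                # No reply at all: packets are being dropped on the path.
                return 'TCP timeout: a firewall drops the traffic, or no NAT/forwarding rule maps this address and port to a server'
            }
        } catch {
            $sock = $_.Exception.GetBaseException() -as [System.Net.Sockets.SocketException]
            if ($sock -and $sock.SocketErrorCode -eq 'ConnectionRefused') {
                # The host (or a device in front of it) answered with a reset.
                return 'TCP refused: address reachable, but nothing is listening on this port there'
            }
            return "TCP connect failed: $($_.Exception.GetBaseException().Message)"
        }
        # Layer 2: only reached when TCP works; now the certificate matters.
        $ssl = New-Object System.Net.Security.SslStream -ArgumentList ($client.GetStream(), $false)
        try {
            $ssl.AuthenticateAsClient($TargetName)   # default validation: chain and name
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ssl.RemoteCertificate
            return "TLS OK: $($cert.Subject), expires $($cert.NotAfter)"
        } catch {
            return "TCP open, TLS failed: $($_.Exception.GetBaseException().Message)"
        } finally {
            $ssl.Dispose()
        }
    } finally {
        $client.Close()
    }
}

# Placeholder values (documentation address and name), not taken from the post.
Test-TlsEndpoint -Address 192.0.2.10 -TargetName www.example.com
```

Running it once from a machine outside the cluster and once from a machine inside it shows whether the failure is on the server itself or on a device in front of it. Any "TCP" result means the certificate installation is not the cause, since the handshake was never reached.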