I recently ran into an issue with one of my clients, where they were trying to access their reporting site online, but it refused to connect over SSL because of what was then an unknown issue. Essentially, I couldn’t access an HTTPS site, and it turned out that I also couldn’t bind my existing SSL Certificate to it either! Keep on reading to see what you can do to diagnose your issue, and potentially fix it!
Here’s the error I received when accessing via Chrome:
This page can’t be displayed
Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://server.domain again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.
I hopped on the server, and being the secure company that we are, certain ciphers and protocols are disabled because they need to be. TLS1.2, however, WAS enabled!
Rebooted the server to reset IIS in full, as well as any processes that were running—this had no effect. Naturally the next step was to check event logs, which gave me the following:
Error (SCHANNEL) ID 36870
A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030D. The internal error state is 10001.
Error (HttpEvent) ID 15021
An error occurred while using SSL configuration for endpoint 0.0.0.0:443. The error status code is contained within the returned data.
This led me to take a look at the bindings of my website in IIS. Here’s what I did to determine whether there was a possible certificate error:
Step 1: Open IIS
Step 2: Right Click affected website and select “Edit Bindings”
Step 3: “Edit” binding for 443
Step 4: Change SSL Cert to IIS Dev Cert and Apply
Step 5: Re-Apply your cert and get the following:
A specified logon session does not exist. It may already have been terminated. (Exception from HRESULT: 0x80070520)
Well then, that’s an interesting error. I determined this was likely an SSL Cert problem, and from what I read it could be confused as to who the “owner” of the certificate is – usually happens if you added the cert as a local admin or another user instead of the account you’re on.
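The same diagnosis can be scripted. The PowerShell below is an added example, not part of the original post: it pulls the two events quoted above, shows what HTTP.sys has bound to 0.0.0.0:443, and tries to open the private key of every certificate in the Local Computer Personal store. It assumes an elevated prompt, .NET Framework 4.6 or later, and RSA certificates.

```powershell
# Added diagnostic example; run from an elevated PowerShell prompt on the IIS server.

# 1. Recent occurrences of the two events quoted above (System log).
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 36870, 15021 } `
        -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -match 'Schannel|HttpEvent' } |
    Select-Object TimeCreated, Id, ProviderName, Message |
    Format-List

# 2. What HTTP.sys currently has bound to the endpoint named in event 15021.
netsh http show sslcert ipport=0.0.0.0:443

# 3. For every certificate in Local Computer\Personal, try to open its private key.
#    HasPrivateKey = True with KeyUsable = False is the situation event 36870 describes:
#    the certificate claims a key that the machine cannot actually reach.
$rsaExt = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]
Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert   = $_
    $usable = $false
    $detail = 'no private key associated with this certificate'
    if ($cert.HasPrivateKey) {
        try {
            $key = $rsaExt::GetRSAPrivateKey($cert)
            if ($null -ne $key) {
                $usable = $true
                $detail = 'private key opened'
                $key.Dispose()
            } else {
                $detail = 'not an RSA key; this check does not cover it'
            }
        } catch {
            $detail = "key could not be opened: $($_.Exception.Message)"
        }
    }
    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey
        KeyUsable     = $usable
        Detail        = $detail
    }
} | Format-Table -AutoSize -Wrap
```

Compare the certificate hash printed by `netsh` with the thumbprints in the table to see whether the bound certificate is one whose key cannot be opened.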
Here’s how to fix:
Open up certificates in MMC
Step 1: Open up a Run window and type “mmc”
Step 2: Click File > Add/Remove Snap In
Step 3: Add > Certificates, Click OK
Step 4: Choose “Computer Account”, then “Local Computer” and proceed.
Step 5: Hit OK
Export Certificate in MMC
Step 1: Open “Certificates”
Step 2: Open the folder where your certificate is stored.
Step 3: Right Click on Certificate, All Tasks, Export
Step 4: Export to the server Desktop
Now you should be able to re-import your certificate into IIS (or just into MMC) without issue, then restart IIS. Note: You may have to reimport as “Complete certificate renewal” depending on your certificate.
If that didn’t work – I came across this issue at another client and found that it was because I had deleted the PREVIOUS certificate that had expired. Somehow the two were tied together, and as soon as I reimported the old certificate … everything was working again!
Did this fix work for you? Yes/No? Did you find another way to make it work?