TR Member Perks!

Recently ran into an issue with one my clients, where they were trying to access their reporting site online, but it refused to connect over SSL because of what was then an unknown issue. Essentially, I couldn’t access an HTTPS site, and it turned out that I also couldn’t bind my existing SSL Certificate to it either! Keep on reading to see what you can do to diagnose your issue, and potentially fix it!

Here’s the error I received when accessing via Chrome:

This page can’t be displayed

Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://server.domain again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.

I hopped on the server, and being the secure company that we are, certain ciphers and protocols are disabled because they need to be. TLS1.2, however, WAS enabled!

Rebooted the server to reset IIS in full, as well as any processes that were running—this had no effect. Naturally the next step was to check event logs, which gave me the following:

Error (SCHANNEL) ID 36870

A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030D. The internal error state is 10001.


Error (HttpEvent) ID 15021

An error occurred while using SSL configuration for endpoint  The error status code is contained within the returned data.

This led me to take a look at the bindings of my website in IIS. Here’s what I did to get the determination of a possible certificate error:

Step 1: Open IIS

Step 2: Right Click affected website and select “Edit Bindings”

Step 3: “Edit” binding for 443

Step 4: Change SSL Cert to IIS Dev Cert and Apply

Step 5: Re-Apply your cert and get the following:

A specified logon session does not exist. It may already have been terminated. (Exception from HRESULT: 0x80070520)

Well then, that’s an interesting error. I determined this was likely an SSL Cert problem, and from what I read it could be confused as to who the “owner” of the certificate is – usually happens if you added the cert as a local admin or another user instead of the account you’re on.

Here’s how to fix:

Open up certificates in MMC

Step 1: Open up a Run window and type “mmc”

Step 2: Click File > Add/Remove Snap In

Step 3: Add > Certificates, Click OK

Step 4: Choose “Computer Account”, then “Local Computer” and proceed.

Step 5: Hit OK

Export Certificate in MMC

Step 1: Open “Certificates”

Step 2: Open the folder where your certificate is stored.

Step 3: Right Click on Certificate, All Tasks, Export

Step 4: Export to the server Desktop

Now you should be able to re-import your certificate into IIS (or just into MMC) without issue. Restart IIS, and  Note: You may have to reimport as “Complete certificate renewal” depending on your certificate.

If that didn’t work – I came across this issue at another client and found that it was because I had deleted the PREVIOUS certificate that had expired. Somehow the two were tied together, and as soon as I reimported the old certificate … everything was working again!

Did this fix work for you? Yes/No? Did you find another way to make it work?

Rutledge Daugette

Founder & CEO

Founder of TechRaptor with a love of video games (B.S. in Game Programming) and technology. Started TechRaptor to create a place where people could come for quality content.