SSL site requires password

Question

User808231796 posted

Maybe this is an beginner's problem, but I do not find any online resource solving it: I've got a minimal https site in IIS (let's assume it's "MySSLSite") on a Win Server 2019 with a physical path "..\inetpub\wwwroot\MySSLSite". It's configured as anonymous authentication. I installed a certificate which my provider assures me I have installed correctly. The site consists of one minimal index.html file only, which is located in the "MySSLSite" folder.

When I navigate to "https://www.MySSLSite" in a browser (doesn't make a difference which one), I'm prompted to provide username and password. Now whatever I'm trying to grant file system access rights to the physical path consistently fails. I tried IUSR, IIS_IUSRS, even my Admin account - doesn't matter, inspecting with Fiddler will always provide a 401 error. I'm trying for two days now googling back and forth for some hints, and I'm out of my wits now. Can anyone point me to a solution? This must have been accomplished by thousands of people before, I don't get it what the difficulty is here.
 
 Thanks and best reagrds!

Answer 1

User1771714573 posted

Hi ijuedt,

You can open IIS log to check the sub status code of 401 error.

Usually, SSL certificate will not need password when you access site through https. So you can try to change another certificate. If you test it in development machine and the machine has installed IIS express, you can use certificate of IIS Express. Or create a new empty site binding to your certificate.

Besides, did you set SSL to require certificate?  This is client certificate setting not SSL configuration. So you don't have to set it to require But just leave it as ignore.

Certificate will not ask for username and password and any other thing. It will only show an insecure connection because your client does not trust this certificate, but the request can still reach the site.

Best regards,

Brucz