locked
VS 2008 error when opening sites with host header: Could not find a web server at... on port 443 RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    User-388456389 posted

    Hi everyone,

    I have the website https://www.goldnroll.com with a SAN certificate, on Windows Server 2008 and VS 2008. I was ale to open the website with VS 2008.

    I added another website on the same IIS server: https://dev.goldnroll.com.
    I had the same IP and port so I had to:
    - give a friendly name to the san certificate, starting with * (only way to unlock the host name fields)
    - configure host name for each site

    Both sites are working fine (you can check the above links).
    The problem is that VS 2008 cannot open them. It fails with the error "Could not find a web server at https://www.goldnroll.com on port 443". I added the IIS ssl binding for www.goldnroll.com. dev.goldnroll.com is similar:

    I want to insert screen captures but I can't... 

    Maybe this onedrive link works to see the image:

    https://1drv.ms/u/s!AhgtHQVTZBCNgpF7Ifpq7B0jbjbtvg

    Wednesday, July 4, 2018 2:03 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    User347430248 posted

    Hi Psblue,

    possible cause of this error is that an intermediate device, such as a router or a firewall, is blocking TCP port 443 requests to the server.

    To isolate this as a possible cause, first make sure that an SSL request to the server on the server is successful. After you install the SSL certificate, you can make an SSL request to the server by using the browser on the server (that is, connect to https://www.commonnameonthecertificate.com by using the browser on the Web server).

    Further, Find the Blocking Intermediate Device

    1. On the Web server, open a command prompt and use the Microsoft TCP/IP Tracert utility to connect to a known Web server on the Internet that has an SSL certificate installed (such as www.microsoft.com). This shows all of the "hops" between the Web server and the destination server.
    2. When you have obtained this information, use the Microsoft TCP/IP Telnet utility to determine which router is blocking the SSL traffic. First, try to telnet to port 443 on the first hop that is reported from the Tracert output.
    3. Continue this process for each item on the Tracert list until you have determined the first intermediate device that is blocking SSL connections. After you find that device, work with the administrator of that device to correct this issue, and then try to connect to the site from the Internet.

    Reference:

    HOW TO: Determine If SSL Connectivity Is Not Working on the Web Server or on an Intermediate Device

    Regards

    Deepak

    Thursday, July 5, 2018 8:41 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User-388456389 posted

    Hi Deepak, than you for the answer.
    Could this be the potential problem even if Visual Studio and IIS are running on the same machine?

    Our firewall doesn't block 443

    Small correction, is Visual Studio 2010.

    Thursday, July 5, 2018 10:51 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User-388456389 posted

    It seems that the only solution was to add the host headers in the host file pointing to the local server ip...

    Loopback check on a dev machine would be right but this in production so if there is any other solution, I would be very happy to know

    Thursday, July 5, 2018 7:16 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User347430248 posted

    Hi Psblue,

    You can try to add Host header using command prompt.

    Setting up SSL Host Headers on IIS 7 Obtain an SSL certificate and install it into IIS 7. For step-by-step instructions on how to do this, see Installing an SSL Certificate in Windows Server 2008 (IIS 7.0). Once the certificate is installed into IIS, bind it to the first site on the IP address. Open the command prompt by clicking the start menu and typing “cmd” and hitting enter. Navigate to C:\Windows\System32\Inetsrv\ by typing “cd C:\Windows\System32\Inetsrv\” on the command line. In the Inetsrv folder, run the following command for each of the other websites on the IP address that need to use the certificate (copy both lines): 

    appcmd set site /site.name:"<IISSiteName>" /+bindings.[protocol='https',bindingInformation='*:443:<hostHeaderValue>']

 Replace <IISSiteName>  with the name of the IIS site and <hostHeaderValue> with the host header for that site (site1.mydomain.com)

    Try to make a test with the site in browser.

    Other work around is to use multi domain SAN certificate. 

    It can secure multiple fully-qualified domain names. And, contrary to popular belief, Multi-Domain (SAN) Certificates are compatible with almost all major server types. The difference between Multi-Domain (SAN) Certificates and Wildcard Certificates is that while Wildcards work on multiple websites because of the * character in the domain name, Multi-Domain (SAN) Certificates include a Subject Alternative Name (SAN) field that allows the certificate to include multiple names. For example, a Multi-Domain (SAN) Certificate can include www.domain.com, www.domain2.com, www.domain3.com, and mail.domain3.com. The certificate could then be installed to all four sites. When connecting to any of those sites, a browser will check the name that it is connecting to against the list of SAN names in the certificate. As long as a valid match is found, no error message is displayed.

    Regards

    Deepak

    Friday, July 6, 2018 7:24 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User-388456389 posted

    Ho Deepak, I do have a SAN certificate.

    I tried adding the host headers with command prompt, it doesn't work...

    Sunday, August 12, 2018 6:49 AM