Windows Server IIS: cannot access HTTPS site

Time: 2018-07-26 09:29:49

Tags: ssl iis

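I have been trying to get SSL working on Windows Server 2016.

  • I have created the SSL certificate using the Certify Web "Certificate SSL Manager".
  • The certificate is bound to the site in IIS. Type: https, Port: 443, IP address: *, Require Server Name Indication is checked (more than one site uses SSL).
  • I have enabled the Secure Socket Tunneling Protocol (SSTP-In) rule on the firewall.

netstat is showing:

  Proto  Local Address  Foreign Address  State
  TCP    0.0.0.0:443    0.0.0.0:0        LISTENING

I can access the site over http, but I cannot access it over https.

Any ideas?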

SSL Diagnostics look Ok:
BINDING: https *:443:www.xxx
SSLCertHash: 22cede4f7a934c9a18e1234dd1ec5ad5fd9e6eee
SSL Flags: Sni
Testing EndPoint: 127.0.0.1
#CertName: www.xxx [Certify] - 7/31/2018 8:59:12 PM to 10/29/2018 8:59:12 PM
#Version: 3
#You have a private key that corresponds to this certificate.
#Signature Algorithm: sha256RSA
#Key Exchange Algorithm: RSA-PKCS1-KeyEx Key Size: 2048
#Subject: CN=www.xxx
#Issuer: CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
#Validity: From 31-Jul-18 8:59:12 PM To 29-Oct-18 8:59:12 PM
#Serial Number: 0320D0187424022AEA2723F9B330223768C3
DS Mapper Usage: Disabled
Archived: False
#Key Usage: KeyEncipherment, DigitalSignature
#Enhanced Key Usage: Server Authentication (1.3.6.1.5.5.7.3.1),Client Authentication (1.3.6.1.5.5.7.3.2)
#Basic Constraints: Subject Type=End Entity, Path Length Constraint=None
#Subject Alternative Name: DNS Name=www.xxx
Certificate verified.

BINDING: https *:443:www.xxx
This site can take external traffic if,
 * TCP port 443 must be opened on Windows Firewall (or any other equivalent products).
 * Requests from web browsers must be routed to following end points on this machine,
   * y.y.y.y:443.
   * [zzz]:443.
This site can take local traffic at 127.0.0.1:443.
This site can take local traffic at [::1]:443.
 * Web browsers should use URL https://www.xxx:443. Requests must have Host header of "www.xxx".
   DNS query of "www.xxx" does not return a known IP address for any network adapter of this machine. It can be desired, but please review your DNS settings (or modify the hosts file).
Please run SSL Diagnostics at server level to analyze SSL configuration. More information can be found at https://www.jexusmanager.com/en/latest/tutorials/ssl-diagnostics.html.

2 answers:

Answer 0: (score: 0)

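Your server-side settings look fine, as Jexus Manager reports:

  • Valid certificate.
  • Valid HTTPS binding.

However, the DNS query for www.xxx returns an unknown IP address (x.x.x.x). So external HTTPS requests will be sent to x.x.x.x by web browsers. It relies on other network configuration to forward such requests from x.x.x.x.

Requests from web browsers must be routed to following end points on this machine,
  * y.y.y.y:443.
  * [zzzz]:443.

Usually, x.x.x.x should be the public IP, while y.y.y.y should be a private IP. Packet forwarding should be an AWS setting somewhere, and there may be another firewall on which port 443 needs to be opened. You should be able to consult the AWS documentation to find it.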
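
The reasoning in this answer can be checked hop by hop. The following is an added example, not part of the original answer: `classify` and `probe` are hypothetical helper names, and the probe sends the site name as SNI because the binding in the question requires it.

```python
import ipaddress
import socket
import ssl
import sys

# RFC 1918 ranges, listed explicitly so the check does not depend on ipaddress.is_private.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)

def classify(dns_ips, adapter_ips):
    """Hypothetical helper: how does traffic for the site name reach this host?"""
    dns = {ipaddress.ip_address(a) for a in dns_ips}
    local = {ipaddress.ip_address(a) for a in adapter_ips}
    if not dns:
        return "no-dns"
    if dns & local:
        return "direct"            # the name points at an adapter on this machine
    if local and all(is_rfc1918(a) for a in local) and not any(is_rfc1918(a) for a in dns):
        return "needs-forwarding"  # public name, private host: NAT and its firewall must pass 443
    return "mismatch"              # the name points somewhere unrelated; review DNS

def probe(ip, hostname, port=443, timeout=5.0):
    """TLS handshake to ip:port with hostname as SNI; returns (ok, detail)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                return True, tls.version()
    except OSError as exc:         # refused, timed out, or TLS/certificate failure
        return False, f"{type(exc).__name__}: {exc}"

if __name__ == "__main__":
    host = sys.argv[1]             # site name from the IIS binding
    try:
        dns_ips = sorted({ai[4][0] for ai in socket.getaddrinfo(host, 443, socket.AF_INET)})
    except socket.gaierror:
        dns_ips = []
    # Adapter addresses as Windows reports them for the local host name (IPv4 only).
    adapter_ips = socket.gethostbyname_ex(socket.gethostname())[2]
    print("path:", classify(dns_ips, adapter_ips))
    for ip in ["127.0.0.1", *adapter_ips, *dns_ips]:
        print(ip, *probe(ip, host))
```

If loopback and the private address succeed but the public address fails, the block is outside IIS. A probe of the public address from the server itself can fail on hairpin NAT alone, so confirm it from an outside machine.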

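Answer 1: (score: 0)

If you are running on an AWS server, in addition to changing the firewall rules on the EC2 instance, don't forget to add https (443) to the inbound rules in the security group.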