Wednesday, April 21, 2010

Error 107 ERR_SSL_PROTOCOL_ERROR

Needing to apply SSL to an existing website (on my Windows Server 2003 development machine) I recently opened the properties on the website (under IIS, Web Sites), clicked Directory Security and Server Certificate and chose to apply/replace the certificate from an existing site/certificate.

This did not have the required effect, when requesting the page in the browser:
  • Using HTTP://
    The page must be viewed over a secure channel
  • Using HTTPS://
    Error 107 (net::ERR_SSL_PROTOCOL_ERROR): Unknown error IIS
  • And occasionally
    Bad Request (Invalid Hostname)
Essentially, this is because I was trying to reuse an existing certificate on a web site that had a different name. The solution is basically to replace the certificate with a valid certificate either from a trusted Certificate Authority (CA) or to use the SelfSSL.exe.

All of this is documented here, the first link being how to use the SelfSSL to get the job done on a development box:
It is important to note that when applying SSL certificates, especially via SelfSSL, that you open the site's Properties dialog:
  • Click Web Site tab
  • Click Advanced button
  • Under Multiple SSL identifies for this Web site select the site's IP row
  • Click Edit button
  • From the IP address drop down menu select the IP address of that site
  • Click Ok, Ok, Ok
This associates the SSL certificate with the site's IP and ensures that there are no conflicts. Click the Help button in this window for more information.

4 comments:

  1. I had a similar problem too when trying to renew my Wildcard SSL Certificates and reading other blogs it seems a common problem. The easiest solution I have found is simply buying a new SSL certificate. SSL247.com are a great reseller of Wildcard Certificates and always at below retail price.

    ReplyDelete
  2. It's technical problem. If you want to fact solution for this please visit this site http://www.clickssl.com. it's trusted company believe me.

    ReplyDelete
  3. it's sounds like technical issue, you can use technical knowledge based source from platinum certificate authority https://www.rapidsslonline.com/ Your Trusted SSL certificate platinum authority on global scale.

    ReplyDelete