Microsoft KB Archive/174779

= Require Secure SSL Channel Not Available After Installation =

Article ID: 174779

Article Last Modified on 6/23/2005

-

APPLIES TO


 * Microsoft Internet Information Server 2.0
 * Microsoft Internet Information Server 3.0

-



This article was previously published under Q174779



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



SYMPTOMS
After you use Key Manager to install a new key for use with Secure Sockets Layer (SSL) security, the option to enable SSL for a specific virtual directory or a home directory remains unavailable (grayed out).



RESOLUTION
WARNING: Using Registry Editor incorrectly can cause serious, system-wide problems that may require you to reinstall Windows NT to correct them. Microsoft cannot guarantee that any problems resulting from the use of Registry Editor can be solved. Use this tool at your own risk.

The following are troubleshooting steps you can take to ensure availability of SSL functionality:

 Is the key complete and usable?

In Key Manager, select the key and verify that is has been installed correctly. If the key has not been installed correctly or is not complete and usable, backup the current keyset by selecting Key, select Export Key and click Backup File. Select the key and delete it.

To import the key from the original key or the backup set files, select Key, Import, and click Keyset Files or Backup File. Always choose Servers and click Commit Changes Now when you change the Key Manager configuration. Once the key is complete and usable, choose Servers and click Commit Changes Now. Exit Key Manager.  The registry entry for the Sspifilt.dll file that is required for SSL functionality has the following location:

     Hkey_Local_Machine/System/CurrentControlSet/Services/W3svc/Parameters Within the Parameters key, there is a string; the value of which is comma delimited and should specify the path for the Sspifilt.dll file. (for example, C:\Winnt\System32\Inetsrv\Sspifilt.dll).

Other Isapi filters may appear in this value as well. Verify that no spaces exist in this value. If spaces exist, you will need to specify a different physical path, without spaces, for the isapi filter dll path. (for example, C:\Program Files\Isapi.dll needs to change to C:\Winnt\System32\Isapi.dll or some valid path without spaces.

If the Sspifilt.dll file does not exist in the registry value, add it to the value by double-clicking the FILTER DLLS registry value and use the String editor.

NOTE: Use a comma with no spaces to separate isapi filter entries.  Restart the computer. Verify that the Require Secure SSL Channel option is available in the Directories Properties page in the WWW service.</ol>

Additional query words: greyed grey connection cannot be established

Keywords: kbtshoot KB174779

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.