Registrations are now open. Join us today!
There is still a lot of work to do on the wiki yet! More information about editing can be found here.
Already have an account?

Microsoft KB Archive/174779

From BetaArchive Wiki
Knowledge Base


Require Secure SSL Channel Not Available After Installation

Article ID: 174779

Article Last Modified on 6/23/2005



APPLIES TO

  • Microsoft Internet Information Server 2.0
  • Microsoft Internet Information Server 3.0



This article was previously published under Q174779

We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

SYMPTOMS

After you use Key Manager to install a new key for use with Secure Sockets Layer (SSL) security, the option to enable SSL for a specific virtual directory or a home directory remains unavailable (grayed out).

RESOLUTION

WARNING: Using Registry Editor incorrectly can cause serious, system-wide problems that may require you to reinstall Windows NT to correct them. Microsoft cannot guarantee that any problems resulting from the use of Registry Editor can be solved. Use this tool at your own risk.

The following are troubleshooting steps you can take to ensure availability of SSL functionality:

  1. Is the key complete and usable?

    In Key Manager, select the key and verify that is has been installed correctly. If the key has not been installed correctly or is not complete and usable, backup the current keyset by selecting Key, select Export Key and click Backup File. Select the key and delete it.

    To import the key from the original key or the backup set files, select Key, Import, and click Keyset Files or Backup File. Always choose Servers and click Commit Changes Now when you change the Key Manager configuration.
  2. Once the key is complete and usable, choose Servers and click Commit Changes Now. Exit Key Manager.
  3. The registry entry for the Sspifilt.dll file that is required for SSL functionality has the following location:

          Hkey_Local_Machine/System/CurrentControlSet/Services/W3svc/Parameters
     
                            

    Within the Parameters key, there is a string; the value of which is comma delimited and should specify the path for the Sspifilt.dll file. (for example, C:\Winnt\System32\Inetsrv\Sspifilt.dll).

    Other Isapi filters may appear in this value as well. Verify that no spaces exist in this value. If spaces exist, you will need to specify a different physical path, without spaces, for the isapi filter dll path. (for example, C:\Program Files\Isapi.dll needs to change to C:\Winnt\System32\Isapi.dll or some valid path without spaces.

    If the Sspifilt.dll file does not exist in the registry value, add it to the value by double-clicking the FILTER DLLS registry value and use the String editor.

    NOTE: Use a comma with no spaces to separate isapi filter entries.

  4. Restart the computer.
  5. Verify that the Require Secure SSL Channel option is available in the Directories Properties page in the WWW service.



Additional query words: greyed grey connection cannot be established

Keywords: kbtshoot KB174779