Page can't be displayed when you connect through SSL
This article helps you resolve the problem where page can't be displayed when you connect through SSL.
Original product version: Internet Information Services
Original KB number: 260096
Symptoms
When you connect to a computer running Internet Information Services (IIS) by using Secure Socket Layer (SSL), the following error message may occur:
The page cannot be displayed.
The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings.
This Web site is usually the second Web site on the server. Connecting to the Web site through HTTP works correctly.
Cause
This error message can occur if you have SSL set on the default Web site, and you remove the certificate, and then try to set it up on a second Web site.
If you run a netstat -an command, you can see that a service is listening on port 443, but you cannot connect to it. This is caused by a new implementation in IIS versions 5.0 and later called Socket Pooling.
Resolution
Note
For the purposes of this article, two Web sites are installed: the default Web site and the Administration Web site. By default, SSL is enabled on the default Web site.
- Open the
Securityproperties for the default Web site, and then select Server Certificate. - In the wizard, click Assign an existing certificate, and then select a certificate from the list.
- When you have completed the wizard, click Web site tab, and then click Advanced.
- Delete all the entries that are listed in the SSL window.
- Click Server Certificate again, click Remove the current certificate, and click OK.
- Right-click the computer name in the Microsoft Management Console (MMC), and then click Restart IIS.
You should now be able to connect to the server by using SSL.
Workaround
Restarting the IIS services may resolve the error message. If it does not, follow the steps in the "Resolution" section of this article.
More information
After SSL is enabled on an IIS Web server, the IIS service begins to listen on all used and unused IP addresses on ports 80 and 443. For multi-IP address servers, you may want to disable this feature. This feature was added the product for performance gain.
This problem usually occurs when you try to set up SSL on the administration Web site. IIS finds the SSL settings for the default Web site and listens on port 443. However, the default Web site does not have a certificate to correspond to that site. Therefore, no connection can be made, which is why you can see a server listening on port 443, but you cannot connect to the site.
Steps to reproduce this behavior
- On a computer that has the default Web site and the administration Web site, create a certificate, and then set it on the default Web site. Leave the SSL port on 443.
- Click the Security tab on the default Web site properties, and then click Server Certificate.
- Click Remove the current certificate, and then click OK.
- Click Server Certificate on the administration Web site, choose to assign a certificate, and then select a certificate from the list.
- Make sure that the port is 443.
- Try to connect to the administration Web site through SSL (
https://localmachine). You do not need the port number of the site because SSL is listening on port 443 now. - The page cannot be displayed error occurs in the browser.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for