2

I am attempting to setup an IIS6 server with one website (dedicated IP) for HTTPS access using a self-signed certificate.

Any request via HTTPS results in an empty (zero size) response with this somewhat strange status

HTTP/0.9 200 OK

Nothing weird in the request format, just a regular request from the browser (Firefox in this example)

GET https://server-name/ HTTP/1.1
Host: server-name
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: keep-alive

There are no proxies between client and server.

HTTP requests are working as expected.

There was a slight hiccup installing the CA certificate (the admin installed it to the wrong account) but this has been fixed.

I've run everything through SSLDiag and it's coming back rosy.

I'm no Windows admin (developer by trade) and the admin here is not very familiar with IIS or the certificate process and is as stumped as I am.

Here's an IIS log extract which shows IIS is indeed seeing the requests

#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2011-08-16 01:21:31
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status 
2011-08-16 01:21:31 10.40.149.87 GET / - 443 - 10.40.109.22 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+InfoPath.3;+.NET4.0C;+.NET4.0E;+.NET+CLR+2.0.50727) 200 0 2
2011-08-16 01:22:54 10.40.149.87 GET / - 443 - 10.40.109.22 Fiddler 200 0 2
Phil
  • 167
  • 1
  • 11
  • Are you sure about `GET https://server-name/ HTTP/1.1` part? I always thought (and observed) that it should be `GET / HTTP/1.1` – LazyOne Aug 16 '11 at 00:55
  • What request headers are sent // what client application is it? `HTTP/0.9` is very odd, especially if the request headers aren't sending that version. Stinks of misbehaving proxy - any proxy servers in the path? – Shane Madden Aug 16 '11 at 00:42
  • Updated my question. Just a typical request and no proxies – Phil Aug 16 '11 at 00:47
  • @LazyOne All browsers and even Fiddler2 are creating the `GET https://server-name/ HTTP/1.1` request. This is the same for other (working) sites, eg `GET https://github.com/ HTTP/1.1` – Phil Aug 16 '11 at 01:25
  • @Phil Somehow I see completely different in Firefox, Chrome and IE 9 when accessing `https://github.com/`. Please try accessing your server from another computer and tripple check that you have no proxies (that includes Antivirus as well -- turn it off completely during testing). – LazyOne Aug 16 '11 at 01:33
  • 1
    @LazyOne: He's seeing the proxy-like syntax because he's using Fiddler2, which is a proxy, to intercept the transaction. The browser is sending the request like that because it *is* using a proxy. – Evan Anderson Aug 16 '11 at 03:15

1 Answers1

1

IIS 6.0 can return HTTP/0.9 responses, but it really shouldn't be. I have a strong suspicion that IIS isn't what's answering your request. (A long shot, but that's the best I can come up with.) Run netstat -a -n -o | find ":443 " and verify that the PID returned for the listener on TCP port 443 (far right column) corresponds to the "System" process (PID 4). If it doesn't, investigate the PID of the process that was returned to find out what's listening on port 443.

The other thing to look at would be the IIS logs. You should be seeing entries corresponding to your attempted accesses. If you don't then I'd say something else is getting in the way.

Are there any odd ISAPI filters or extensions installed?

Evan Anderson
  • 141,881
  • 20
  • 196
  • 331
  • I get PID 3356 which is `svchost.exe` running under the `SYSTEM` user. I've added an IIS log extract to my question. The site is meant to be serving a Jrun4 Java application (don't ask) via a `jrun_iis6` ISAPI extension however I've disabled this without any change. – Phil Aug 16 '11 at 03:38
  • Looking further into that PID, Process Explorer shows it as the W3SVC service. Looks correct to me though the PID is higher than you expected – Phil Aug 16 '11 at 03:52