Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

SSL broken after modifying permissions on “Machine Keys” folder - Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error

Tags:

ssl

x509certificate

windows-server-2003

iis-6

I have an ASP.NET web app running on my STAGE server (Windows 2003 server with IIS 6).

I've started using Google Analytics Core Reporting API in my application, and it worked great on my DEV box (Windows 7 / IIS 7.5)

As I moved my code to STAGE server, I started getting "The system cannot find the file specified" exception; the solution was to load the user profile with the App Pool identity, but IIS 6 does not have that feature.

I've found a work-around for IIS 6, which was to give the App Pool account Read/Write permissions on 

C:\Document and Settings\All Users\Application Data\Microsoft\Crypto\RSA\Machine Keys

When I set the permissions, I've applied them to all child entities (via Advanced option); not only this didn't fix the error; but it also broke the SSL connection to my site.

I get Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.; non-SSL url works just fine.

My question is how to restore the proper permissions on C:\Document and Settings\All Users\Application Data\Microsoft\Crypto\RSA\Machine Keys and fix my SSL connection?

Any other suggestions on fixing my SSL connection would be appreciated.

like image 245
roman m Avatar asked Feb 08 '13 20:02

roman m

1 Answers

I gave up on fixing the issue, since I was moving the application to a different server anyways; and it didn't look like any other applications were affected.

Then I restarted IIS, and all hell broke loose.

IIS was not starting back up; IIS Admin Service was not starting with "Error 6: Handle is invalid".

That error helped me to get to the bottom of the issue, and find the correct permissions on the MachineKeys folder.

This article pointed me to Default permissions for the MachineKeys folders - KB 278381 which had the correct permissions.

NOTE: KB article states that Everyone should have Special Permissions on This folder only; yet sharepoint-geek's article suggests applying those permissions to This folder, subfolders, and files (which I did).

Once the permissions were fixed, iisreset worked and even my SSL issue was resolved.

Hope this saves somebody hours of frustration.

like image 89
roman m Avatar answered Oct 14 '22 04:10

roman m
Sign in to Comment

Related questions

TLS Handshake message parsing
Django request.is_secure returns wrong value for redirected methods
IIS 7 Site using HTTPS not Accessible from Outside Internet (is accessible from intranet)
Accepting certificates in Java
Exception when printing the server certificate details
OpenSSL certificate revocation check in client program using OCSP stapling
Accept untrusted SSL server certificate with CFStream socket on iOS
Forcing SSL Client Socket to Send Certificate
Does cyclone (python) support HTTPS connections and SSL?
QSslError: The certificate is self-signed, and untrusted
Using multiple SSL certificates in single tomcat instance
vsftpd : Make sure data transfers are encrypted?
Difference between httpd.conf and ssl.conf
Using a single certificate based on aliases from Java Key Store
Is subdomain part of a https url secure?
How to generate CSR for SSL that works with Nginx & Apache?
Passing GET variables over SSL = secured?
List of trusted CA in android?
.net core 2.1.3 ssl error
How to force Commons HTTPClient 3.1 to use TLS 1.2 only for HTTPS?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!