Disable Client Certificate Revocation (CRL) Check on IIS

I have been asked this question on several occasions on how to disable revocation check in IIS 7.  It was pretty easy for IIS 6, on IIS 7 there is no documentation on how to do so. This post will describe on how to achieve this task. Firstly, list out all the existing IIS bindings…

9

Central Certificate Store (CCS) with IIS 8 (Windows Server 2012)

In my previous posts on IIS 8, I discussed how scalability was  achieved in IIS 8 via SNI. Below are the links to previous posts:                   ·         SSL Scalability with IIS 8                   ·         SNI with IIS 8 In the first post I mentioned that scalability was achieved in IIS via Server Name Indication (SNI)…

12

Error HRESULT: 0x80070520 when adding SSL binding in IIS

Today I will be discussing the very infamous error that is seen while adding a SSL binding in IIS 7 & higher. Below is a snapshot of the error message while trying to add the SSL binding in IIS. Well, the error is definitely not descriptive enough, neither does it provide any vital information to…

12

SSL/TLS Alert Protocol & the Alert Codes

There have been many occasions where a event corresponding to SChannel is logged in the System event logs which indicates a problem with the SSL/TLS handshake and many a times depicts a number. The logging mechanism is a part of the SSL/TLS Alert Protocol. These alerts are used to notify peers of the normal and…

23

Do we need to install/move IIS related folders to a non-System drive?

It is not possible to install IIS on a non-system drive. Well “not possible” may be too restrictive, I would say it is not recommended or not supported to do so. At CSS we see a lot of issues relating to the above topic. One needs to relocate (or even Install) the IIS related folder…

5

ISAPI Filter to reject HTTP/1.0 requests

There is a known problem on IIS where the IP Address is leaked in the content-location header of the HTTP response. There is a fix for this and its documented here: http://support.microsoft.com/kb/834141 The above KB also mentions that the issue might still occur even after using the above fix. It is discussed in detail in…

2

Troubleshooting SSL related issues on IIS

One of my article has been published on IIS.NET on how to troubleshoot SSL related issues. Here is the link: Troubleshooting SSL related issues (Server Certificate) There is another article written by my colleague few years ago. Here is the link to that: http://blogs.msdn.com/b/saurabh_singh/archive/2007/09/05/troubleshooting-ssl-related-issues-with-iis.aspx Let me know if there are any additional scenarios that you…

0

Server Name Indication (SNI) with IIS 8 (Windows Server 2012)

  In my previous article I discussed on how scalability was achieved in IIS 8. Here is the link: SSL Scalability with IIS 8.   In this blog I will discuss specifically about Server Name Indication aka SNI. We will learn how scalability is achieved through this.   During SSL handshake when the client sends…

13

SSL Scalability with IIS 8 (Windows 8 Server)

One of the biggest problems with IIS on the previous versions of IIS was in regards to scalability. This restriction was at the OS level at the kernel mode. There is nothing much that we could do to address this in IIS. One cannot bind more than one Certificate to a combination of <IP:Port>. The…

0

Installing WIRESHARK/WinPCap on Windows 8 RTM

        Windows 8 was RTM’d last week and as a curious soul I upgraded to RTM. Once done, I was loading my machine with all the tools that I use everyday. This includes the networking tools like Network Monitor and WIRESHARK. Both have their own advantages. I was able to install Network Monitor without any…

38