SSL Diagnostics for IIS 6 (Windows Server 2003)

The SSL Diagnostics tool for Windows Server 2003 is no longer available for download on TechNet. I had to ping my peers who had a copy of the tool which they had downloaded earlier. Mainstream support for Windows Server 2003 ended in 2010, while extended support will end next year in 2015.

SSL Handshake and HTTPS Bindings on IIS

Secure Sockets Layer (SSL), also known as Transport Layer Security (TLS), is a cryptographic protocol which defines how 2 entities (client and server) communicate with each other securely. TLS is the successor of SSL. You can read more about it here: These are the following protocols which are most commonly used: SSL 2.0 SSL…

Windows Azure Web Sites : Cannot upload a Self-Signed Certificate created with PowerShell

As SSL functionality was added to Windows Azure Web Sites, I started playing around with it. I was trying to upload self-signed certificates when I ran into an issue. I created a self-signed certificate using Windows PowerShell ISE (New-SelfSignedCertificate Module). Below is a snippet of the command I ran: New-SelfSignedCertificate -CertStoreLocation cert:\LocalMachine\My -DnsName I…

Working with Wild Card Certificates

Yesterday one of my colleagues came up to me with a simple problem regarding wild card certificates. I gave him the solution immediately, but it took a lot of convincing. This shows that there is a lot of confusion around how wild card certificates work. For first time readers, wildcard certificates…

Windows Azure Web Sites: SSL Support and configuration

Finally in the first week of June 2013, it has been announced that Windows Azure Web Sites will provide native support for SSL, which includes both SNI SSL and IP based SSL for custom web site domain names. This feature was one which took some time to be implemented and finally has been introduced. Before…

Difference in IIS 6, IIS 7.x and IIS 8 with regards to SSL

There were a lot of differences with regards to SSL moving from IIS 6 to IIS 7.x and then to IIS 8. IIS 6 in itself was a breaking change, however there were a lot of limitations and they were addressed in higher versions. I will try to pen down as I remember them and will update…

Disable Client Certificate Revocation (CRL) Check on IIS

I have been asked on several occasions how to disable the revocation check in IIS 7. It was pretty easy for IIS 6, but on IIS 7 there is no documentation on how to do so. This post will describe how to achieve this task. Firstly, list out all the existing IIS bindings…

Central Certificate Store (CCS) with IIS 8 (Windows Server 2012)

In my previous posts on IIS 8, I discussed how scalability was achieved in IIS 8 via SNI. Below are the links to previous posts: SSL Scalability with IIS 8; SNI with IIS 8. In the first post I mentioned that scalability was achieved in IIS via Server Name Indication (SNI)…

Error HRESULT: 0x80070520 when adding SSL binding in IIS

Today I will be discussing the very infamous error that is seen while adding an SSL binding in IIS 7 & higher. Below is a snapshot of the error message while trying to add the SSL binding in IIS. Well, the error is definitely not descriptive enough, nor does it provide any vital information to…

SSL Scalability with IIS 8 (Windows 8 Server)

One of the biggest problems with the previous versions of IIS was in regards to scalability. This restriction was at the OS level, in kernel mode. There is nothing much that we could do to address this in IIS. One cannot bind more than one Certificate to a combination of <IP:Port>. The…