The SSL Diagnostics tool is a very useful tool for troubleshooting SSL issues. It generates a detailed report of SSL settings for all the websites on an IIS server which helps in quickly identifying SSL issues.
But the tool was built for IIS 5 and 6, there is no version available which is compatible with IIS 7. The SSL Diagnostics tool does succeed in generating a report on IIS 7 if the IIS 6.0 Metabase Compatibility feature is installed.
To help troubleshoot SSL issues on IIS 7 I have written a tool which works in a similar fashion. It scans all the websites and FTPS sites configured on the server and generates a report which can help in identifying SSL issues.
If any certificate has issues you will get a report as follows.
Generate Report – Scans all websites and FTPS sites on the local server. If a certificate association is found it will list details of the certificate. It also performs a certificate validation on the certificate. For SSL bindings it also attempts to check if a TCP connection can be established.
Simulate SSL Web Request – Right clicking on a https binding gives you this option. It generates a SSL Web request based on the selected binding and displays the response received.
Verify Store – Basically is the output of certutil –verifyStore MY. Useful in identifying certain issues with certificates.
INSTALLATION & USAGE
Attached SSLDiag.zip contains SSLDiag.exe.
You do not have to install this but just run the exe. (“Run as Administrator”)
You do not need the IIS 6.0 Metabase Compatibility feature to be installed.
You can also save the report generated for your notes or latter analysis.
Requires .NET 2.0.
Hope it helps in reducing your troubleshooting time on SSL issues.