IIS6 SelfSSL

tyanni

I've created a self-signed certificate in IIS6 using SelfSSL on a test server. When I connect from my laptop, which has IE7 installed, it works fine. However, it doesn't work when I try to connect from any machine with IE6. After some troubleshooting, I've discovered that I can connect if I enable TLS 1.0 in IE6, which is enabled by default in IE7.

So, why does IE require TLS to connect to a site which is supposedly secured using SSL? Does SelfSSL actually create a TLS cert (if this even exists) or am I missing something?

Thanks,
Tim
 

spyordie007

Try regenerating the certificate; if it still doesn't work right, make sure to post the SelfSSL command you're using.
 

tyanni

Regenerating the cert didn't work. Here is the command I am running -

SSLDiag /selfssl /V:730 /N:CN=mysite.test.com /S:18930566

Certificate appears in the site, and all of the info does look valid. However, if I run SSLDiag, it reports that it's found an SSLCertHash and SSLStoreName, but can't find a CertName, Private Key, Subject, Issuer, or Validity. I am not sure if this is because it's a self-signed cert or a symptom of something bigger. However, if I view the cert from IIS Manager, it does claim I have a corresponding private key.

Thanks!
Tim
 

stash

Does your server have the "System Cryptography: Use FIPS compliant algorithms for encryption, hashing and signing" group policy enabled?

Enabling this will cause IIS to only negotiate TLS.
 

tyanni

Okay, that's definitely the issue. Part of the role of this test server is to verify compatibility with our new GPO structure, which is loosely based on the MS Specialized Security - Limited Functionality Template, which I believe has the FIPS option enabled. The next question then, is where can I go to read up on why TLS is able to be used when an SSL certificate is enabled? I thought TLS was the successor to SSL - does it also use SSL certs?

Thanks for the help so far!

Thanks,
Tim
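
Added example (not code from any poster in this thread): a Python model of the version mismatch diagnosed above, where a client whose highest offered version is SSL 3.0 meets a server that negotiates only TLS because of the FIPS policy. The ClientHello bytes are constructed sample data, and the function names and the server_min/server_max model are assumptions made for illustration.

```python
import struct

SSL3, TLS1_0 = 0x0300, 0x0301   # protocol version numbers as sent on the wire
NAMES = {SSL3: "SSL 3.0", TLS1_0: "TLS 1.0"}

def build_client_hello(max_version):
    """Constructed minimal ClientHello record offering max_version (sample data)."""
    body = struct.pack("!H", max_version)    # client_version: highest the client supports
    body += bytes(32)                        # random (zeroed for the sample)
    body += b"\x00"                          # empty session_id
    body += struct.pack("!HH", 2, 0x000A)    # one suite: RSA with 3DES-EDE-CBC and SHA
    body += b"\x01\x00"                      # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body   # handshake type 1 = ClientHello
    return struct.pack("!BHH", 22, SSL3, len(hs)) + hs   # record type 22 = handshake

def client_version(record):
    """Return the client_version field of a ClientHello record."""
    if len(record) < 11:
        raise ValueError("truncated record")
    ctype, _record_version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 22 or record[5] != 1:
        raise ValueError("not a ClientHello")
    if rec_len != len(record) - 5:
        raise ValueError("record length mismatch")
    return struct.unpack("!H", record[9:11])[0]

def negotiate(record, server_min, server_max=TLS1_0):
    """Server-side choice: highest version both sides support, or None
    when that version is below the server's floor (handshake refused)."""
    chosen = min(client_version(record), server_max)
    return chosen if chosen >= server_min else None

def describe(version):
    return NAMES.get(version, "handshake refused")

if __name__ == "__main__":
    clients = {"IE6, TLS 1.0 off": SSL3, "IE7, TLS 1.0 on": TLS1_0}
    servers = {"FIPS policy off": SSL3, "FIPS policy on": TLS1_0}
    for cname, cmax in clients.items():
        hello = build_client_hello(cmax)
        for sname, smin in servers.items():
            print(f"{cname} -> {sname}: {describe(negotiate(hello, smin))}")
```

The certificate does not appear anywhere in this exchange: the refusal is decided from the version field of the ClientHello alone, before the server would send its certificate.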