Score:1

Central Certificate Store Failures and Logging


I've got IIS 10 on a Server 2019 instance with a Centralized Certificate Store configured.

The CCS looks valid in IIS. Certs are loaded and display no warnings or errors, but requests to any site return a TCP reset.

  • If I manually install the cert from the CCS into IIS it works too, so it's not a cert problem.
  • I've verified with Wireshark that the Client Hello is including the correct SNI host name that matches the file name in my CCS.
  • Per this question, I've checked that Require SNI is enabled on all https bindings on the entire server (there are only two and both on the same site)
  • The output of netsh http show sslcert looks like this: [image: Central Cert Store netsh output]

How can I debug this further? Is there some cert store log where I can get more details on failed requests (inetpub and httperr don't include them)?

Score:0

So I fixed the failures by restarting the system... who knew!?

Never could find a log file of any kind...
