Showing results for 
Show  only  | Search instead for 
Did you mean: 

This product reached the end of support date on March 31, 2021.

SSL decryption for web sites on IIS web server


Hi Guys,

Customer has configured an SSL key on AMD and believes it works for all web sites on an IIS web server. However, "show ssldecr keys" command showed the new ssl key does not match with traffic of any web sites.

Say IIS web server's IP address is Web sites A, B and C's IP addresses are, and SSL key is configured for the IIS web server address

My question is will the issue be solved if they configure the key for web site addresses instead of IIS web server address? Or if not, what else could have caused key mismatch?




Dynatrace Pro
Dynatrace Pro

If the TLS Certificate/Key pair is configured for only, IIS will not use it for any other IP addresses

Configuring IIS to use the same Certificate/Key pair for all IP address should resolve the customer's issue *if* it is indeed the same key that was loaded to the AMD.

That would also potentially introduce Certificate vs host name mismatches though, unless the Certificate is a wildcard certificate that matches all configured hosts on the IIS server.

-- Erik