cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

This product reached the end of support date on March 31, 2021.

SSL decryption for web sites on IIS web server

chenjie_zhu22
Inactive

Hi Guys,

Customer has configured an SSL key on AMD and believes it works for all web sites on an IIS web server. However, "show ssldecr keys" command showed the new ssl key does not match with traffic of any web sites.

Say IIS web server's IP address is 10.21.0.1. Web sites A, B and C's IP addresses are 10.21.0.2, 10.21.0.3 and 10.21.0.4. SSL key is configured for the IIS web server address 10.21.0.1.

My question is will the issue be solved if they configure the key for web site addresses instead of IIS web server address? Or if not, what else could have caused key mismatch?

Cheers,

Kevin

1 REPLY 1

Erik_Soderquist
Dynatrace Pro
Dynatrace Pro

If the TLS Certificate/Key pair is configured for only 10.21.0.1, IIS will not use it for any other IP addresses

Configuring IIS to use the same Certificate/Key pair for all IP address should resolve the customer's issue *if* it is indeed the same key that was loaded to the AMD.

That would also potentially introduce Certificate vs host name mismatches though, unless the Certificate is a wildcard certificate that matches all configured hosts on the IIS server.

-- Erik