I've got two webservers set up with shared configuration, and now centralized certificate storage.

However, despite the configuration looking similar on both servers, only one seems to work. I've tried restarting the IIS service but I get nothing.

The "slave", which has a share configured for the certificate (which does appear in the list), does not seem to reply. All I see is the following:

Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://domain.removed.dk  again. 

If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. 

Please contact your site administrator. 

Mind you, this is using the same browser that loads https fine on the master server. (I am switching IP address in my host file to test the two servers)

Marco
Tim

1 Answer

I managed to resolve this myself. Posting the solution in case others experience it.

It appears that the Centralized SSL Certificate storage passthrough binding isn't created on the remote servers when you pair it with shared configuration, as it seems to be stored in the local registry. So in order for it to be created on the remote server, I had to open IIS Manager on it and edit the binding to save it (i.e., uncheck SNI, save, check SNI, save) for the passthrough binding to be correctly registered.

You can see if it has been created as described here: https://superuser.com/a/1175842

Tim
  • Thank you for posting this! I've been scratching my head for hours trying to figure this out. – Brad Aug 26 '20 at 22:35
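
One way to check every node of a shared-configuration farm for the problem described in the answer above. This is an added example, not part of the original answer. It assumes PowerShell remoting is enabled, English-language `netsh` output, that the machine-local binding is listed as a "Central Certificate Store" entry by `netsh http show sslcert`, and the hypothetical node names `WEB01` and `WEB02`:

```powershell
# Hypothetical node names; replace with the servers that share the IIS configuration.
$Nodes = 'WEB01', 'WEB02'

$check = {
    Import-Module WebAdministration

    # Ports of https bindings in the (shared) configuration that have both
    # SNI (sslFlags bit 1) and Central Certificate Store (sslFlags bit 2) set.
    $expected = @(Get-WebBinding -Protocol https |
        Where-Object { ($_.sslFlags -band 3) -eq 3 } |
        ForEach-Object {
            # bindingInformation is "IP:port:host"; take the port before the host part.
            if ($_.bindingInformation -match ':(\d+):[^:]*$') { [int]$Matches[1] }
        } |
        Sort-Object -Unique)

    # Ports that HTTP.sys on THIS machine has registered as CCS bindings.
    # Assumption: English netsh output; the label is localized on other display languages.
    $registered = @(netsh http show sslcert |
        ForEach-Object {
            if ($_ -match '^\s*Central Certificate Store\s*:\s*(\d+)') { [int]$Matches[1] }
        } |
        Sort-Object -Unique)

    # One row per port the configuration expects, with whether the local
    # registration actually exists on this node.
    foreach ($port in $expected) {
        [pscustomobject]@{
            Node       = $env:COMPUTERNAME
            Port       = $port
            Registered = $registered -contains $port
        }
    }
}

Invoke-Command -ComputerName $Nodes -ScriptBlock $check |
    Select-Object Node, Port, Registered |
    Format-Table -AutoSize
```

A node that reports `Registered` as `False` has the binding in the shared configuration but not in its own local registration, which is the state the answer fixes by re-saving the binding in IIS Manager on that node.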