How to use SSL Diagnostics 1.0 to identify issues in IIS

Key features of the SSL Diagnostics tool include:

• Certificate Creator: This feature lets admins replace existing server certificates with self-signed server certificates generated by SSL Diagnostics. The functionality is available with IIS 5.0, IIS 5.1 and IIS 6.0. Certificate Creator does not delete your existing certificates, but temporarily replaces the current certificate with a self-signed certificate. When testing is complete, an administrator can restore the original certificate back into IIS.

  Certificate Creator can help you determine if your SSL problems are related to your Windows server certificate, as well as detect problems with certificates purchased from third-party certification authorities. If SSL works with the self-signed certificate but did not work with the other certificate, it's surely a certificate problem. If SSL does not work with the self-signed certificate or the other certificate, it's not a certificate problem. You can then restore the original certificate, which automatically removes the self-signed one.

• SSL handshake: SSL Diagnostics lets admins quickly simulate an SSL connection between a Windows server and Web browser. This is known as an SSL handshake. When implemented, SSL Diagnostics opens a new window that shows the connection information from the client's point of view, meaning the information the Web browser receives. If there is a problem with the SSL handshake, a warning will appear that describes the problem. This feature helps determine where the connection is breaking down during the SSL handshake process. You can simulate an SSL handshake at the Web-site or Web-page level.

• Client Certificate Monitor: You can use SSL Diagnostics to monitor the usage of client certificates in real time by attaching to the associated process where the encryption and decryption takes place. As the certificate information is being parsed by the server, Client Certificate Monitor displays both the client certificates that are trying to connect to your Web site and the associated information contained in those certificates. Client Certificate Monitor also shows the error codes associated with the result of the SSL server settings and client certificates. So Client Certificate Monitor displays both valid certificates and the reasons for invalid certificates, including expired, not yet valid, or revoked client certificates.

  Although useful, Client Certificate Monitor requires some real-time interaction with the server processes. Because of the impact it can have on performance, using it is not recommended on a production server. After using Client Certificate Monitor, you should restart the server.

When you go to Programs -> IIS Diagnostics -> SSL Diagnostics to open the program, the utility will begin a diagnostic scan of the server on which you are running it. In the results section, just highlight the line entry you wish to research (especially those with red exclamation points) and SSL Diagnostics will give you the issue's explanation and possible fixes to correct the problem.



Inside the IIS Diagnostics Toolkit

 Introduction
 How to install the Microsoft IIS Diagnostics Toolkit
 How to use SSL Diagnostics 1.0
 How to use Authentication and Access Control Diagnostics (AuthDiag) 1.0
 How to use Exchange Server SMTP Diagnostics 1.0
 How to use Log Parser 2.2
 How to use WFetch 1.4
 How to use Trace Diagnostics
 How to use Debug Diagnostics 1.0

About the author: Tim Fenner (MCSE, MCSA: Messaging, Network+ and A+) is a senior systems administrator who oversees a Microsoft Windows, Exchange and Office environment. He is also an independent consultant who specializes in the design, implementation and management of Windows networks.

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Microsoft Windows Server 2003 Administration How to install Windows Server 2003 patches when offline Validating Windows server clusters with ClusPrep Exploring the Windows Server 2003 Resource Kit: Clusfileport.dll Exploring the Windows Server 2003 Resource Kit: Cmdhere.inf and CMGetCer.inf Windows server security management: Security expert roundup Windows server management with Remote Desktop Avoid DC restoration problems with authoritative restore Exploring the Windows Server 2003 Resource Kit: Confdisk.exe Exploring the Windows Server 2003 Resource Kit: Compress.exe and Expand.exe Exploring the Windows Server 2003 Resource Kit: Clusterrecovery.exe Microsoft Windows Server 2003 Administration Research Windows Server Monitoring and Administration Mark Minasi, Microsoft MinWin and you Perfmon made easy with PAL utility DirectAccess means 'always on' in Windows Server 2008 R2 Top five Server Core management tips for Windows 2008 Top free tools for Windows server administration Windows Server 2008 Learning Guide A quick guide to Server Manager for Windows Server 2008 Moving dynamic disks to a new Windows server A first look at Storage Explorer for Windows Server 2008 Tips for Windows domain controller optimization Microsoft Internet Information Services (IIS) Small changes go a long way with IIS 7.5 IIS gets patched, SQL Server not so much Internet Information Services (IIS) sees big changes in Windows Server 2008 How to keep IIS logs from filling up your server hard drives A first look at Internet Information Services 7.0 Free security tools that can improve IIS security New IIS 7 security adds value to Windows Server 2008 How can I prevent Internet access with Windows SBS? When and how to use worker process recycling with IIS Windows Process Activation Service in IIS 7.0

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary IIS  (SearchWindowsServer.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary