Hi Guys,
Hoping someone here can help.
Running Windows 2008R2, IIS 7.0, site running in .NET v4.0.
Today I replaced the SSL certificate for an internal IIS site. Previously the certificate was self-signed, out of date and using SHA1. We have now gone with an external trust certificate using SHA2.
Immediately after updating the binding to use the new certificate, Event ID 36888 started being generated. Additionally, whenever any user hits the site it goes straight to Reset Connection. It doesn't matter if trying to access the site locally on the server or elsewhere.
Event 36888
Schannel
The following fatal alert was generated: 80. The internal error state is 1250.
The following fatal alert was generated: 80. The internal error state is 1051.
As part of an earlier separate Security Remediation we disabled the following Ciphers:
DES 56
RC2
RC4
Triple DES
The following Protocols were also disabled; however, the registry keys for these have been removed, effectively re-enabling the Protocol:
PCT 1.0
MD5
SSL 2.0
SSL 3.0
If I change the certificate to use the old SHA1 certificate the site comes back up.
Any help greatly appreciated.
Cheers
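
A read-only way to check what the post describes, added here as an example and not part of the original post: it lists every Schannel cipher, hash and protocol key that carries an `Enabled` or `DisabledByDefault` value, then shows the most recent Schannel 36888 events. It assumes the standard Schannel registry location and the System event log; `Get-SchannelSetting` is a helper name made up for this example.

```powershell
# Added example: read-only audit of Schannel registry overrides and 36888 events.
# Written to run on the PowerShell 2.0 that ships with Windows Server 2008 R2.
$base = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

# Render a DWORD as hex (0x00000000 = disabled, 0xFFFFFFFF = enabled).
$fmt = {
    param($v)
    if ($v -eq $null) { '(not set)' }
    elseif ($v -is [int]) { '0x{0:X8}' -f $v }
    else { "$v" }
}

# Hypothetical helper: walk the key tree with the .NET registry API, because
# cipher key names such as "RC4 128/128" contain a forward slash.
function Get-SchannelSetting {
    param([Microsoft.Win32.RegistryKey]$Key, [string]$Path)
    $enabled = $Key.GetValue('Enabled')
    $dbd     = $Key.GetValue('DisabledByDefault')
    if ($enabled -ne $null -or $dbd -ne $null) {
        New-Object PSObject -Property @{
            Setting           = $Path
            Enabled           = & $fmt $enabled
            DisabledByDefault = & $fmt $dbd
        }
    }
    foreach ($name in $Key.GetSubKeyNames()) {
        $child = $Key.OpenSubKey($name)
        if ($child) {
            $childPath = if ($Path) { "$Path\$name" } else { $name }
            Get-SchannelSetting -Key $child -Path $childPath
            $child.Close()
        }
    }
}

$root = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($base)
if ($root) {
    # Anything missing from this table has no override; the OS default applies.
    Get-SchannelSetting -Key $root -Path '' | Sort-Object Setting |
        Format-Table Setting, Enabled, DisabledByDefault -AutoSize | Out-String
    $root.Close()
} else {
    Write-Output "Key not found: HKLM\$base"
}

# Alert 80 in these events is the TLS "internal_error" alert.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Schannel'; Id = 36888 } `
    -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message | Format-List | Out-String
```

Running it once with each certificate bound and comparing the output shows whether the registry state matches the remediation described above, including where the MD5 entry actually sits (Schannel keeps hashes under `Hashes`, separate from `Protocols`).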