This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

We have an encrypted IIS web server -> IIS app server trace. Encryption is not 2 way, so the cert comes only from the app server side.

In order to decrypt the trace, I have to add the pre-go_live cert ( for "myURL-temp.company.com") to my SSL preferences first, then add in the post-go_live cert (myURL.company.com ) Then I can decrypt the traffic. Reverse that sequence of certs, and no joy.

"Client Hello" calls the pre-go_live URL:

myURL-temp.company.com

However, the server certificate exchanged is the post-go_live cert for " MyURL.company.com" , as expected.

Why in the world do I have to include the pre-go_live cert in the preferences? It's not showing up anywhere I can see in the cert exchange.

Does IIS somehow use both certs to do the encryption? ( I'm a Unix guy - you could put in a teaspoon what I know about IIS).

asked 21 Feb '14, 09:16

chavid's gravatar image

chavid
11112
accept rate: 0%

Be the first one to answer this question!
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×319
×18
×9

question asked: 21 Feb '14, 09:16

question was seen: 1,142 times

last updated: 21 Feb '14, 09:16

p​o​w​e​r​e​d by O​S​Q​A