Ping a Specific Port

Question

Fionn

Asked: 2018-08-16 18:12:14 +0800 CST2018-08-16 18:12:14 +0800 CST 2018-08-16 18:12:14 +0800 CST

IIS Windows 2016 ecdsa signed certificate

772

Does anyone know if IIS supports certificates signed with sha256ecdsa?

If viewed with openssl, i have the following parameters: Signature Algorithm: ecdsa-with-SHA256 Public Key Info: NIST CURVE: P-384

The problem is with this certificate I can't get a successful TLS handshake. I wonder if the problem is the signature algorithm or the ECDSA curve (both the certificate and the CA use P-384 public keys).

1 Answers

Voted

Fionn · Answer 1 · 2018-08-17T04:47:18+08:00

Best Answer

Fionn

2018-08-17T04:47:18+08:002018-08-17T04:47:18+08:00

The problem was that P384 cipher suits are not enabled by default it seems.

I solved it using GPO with a set "Computer Configuration->Administrative Templates->Network/SSL Configuration Settings->SSL Cipher Suite Order"

I added ciphers such as "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384".

After this it could use the certificate as expected.

1

IIS Windows 2016 ecdsa signed certificate

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?