I have an issue with IIS on Windows Server 2019 and TLS 1.2.
I replaced the root CA, and there are newly installed trusted root certificates.
On IIS I have some sites where "require SSL" is set to true.
Now there are two scenarios using Firefox:
A GET on any site that requires TLS, where the client (Firefox) sends a certificate issued by the OLD root CA (still valid), returns HTTP 200/OK.
BUT if the client (Firefox/Chrome etc., it is the same) sends a cert issued by the NEW root CA (also valid), I receive a 403.7 from the server. (I don't see this in the browser; it just asks again for a certificate.) https://i.stack.imgur.com/3Ovqz.png
I don't know why it shows 12s here.
The response is instant, and ON THE CLIENT I do not see a 403.7; I see a connection reset: https://i.stack.imgur.com/cp1GU.png How can I debug this further?
And the strangest thing: if I do the same GET with the same certificate issued by the new root CA, but from Postman, I receive 200/OK. How can I find out why?
And the second strangest thing: if I host the same site that requires SSL on another Windows Server 2019 machine, it is OK with both certificates.
SO IT IS AN ISSUE ON THIS ONE SERVER WITH THE NEW CERTS' CA/ISSUER.
**One more strange thing:** if I do the same GET from the server itself, via the server IP or localhost, and send the SAME new certificate, it is OK.
So ONLY when I go from a REMOTE PC's browser is there this issue, so I'm thinking about some netsh issue? No idea what more to check.
The new root CA is installed on both machines (client and server) and is visible in MMC > Certificates (machine) > Trusted Root CA; the intermediate is also OK, etc.
On IIS only the SSL cert for the https binding that matches the endpoint URL is configured; whether it is issued by the new or old root CA makes no difference: connection reset from the browser and OK from Postman. And also, if I import this new CLIENT certificate ON the server so I can check the chain, the certificate chain is OK and trusted.
IMHO, if it works from localhost with the same client certificate, then the IIS settings are 100% OK, so it must be something else? Maybe something with netsh? I checked that too, and it is the same as on the second machine that works fine.
Please advise what more to check or where the issue can be.
Regards
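As an added example (not part of the original question or any answer to it), here is a PowerShell checklist script that collects the settings this question keeps circling around: the IIS sslFlags for the site, the HTTP.SYS binding that netsh shows, the Schannel registry policy, certificate-store hygiene (non-self-signed certs in Trusted Root, root certs sitting in the Intermediate store, two roots with the same subject), the client certificate's chain as the machine store sees it, and the Schannel/CAPI2 event logs. Run it elevated on the failing server and on the working one and diff the two outputs. The site name and the client certificate path are placeholder assumptions. Step 6 modifies the machine (enables the CAPI2 log and raises Schannel logging); leave it out if you only want a read-only report.

```powershell
# Added diagnostic script (not from the original post). Run elevated on BOTH the failing and the
# working Windows Server 2019 box, save the output of each, and diff them.
param(
    [string]$SiteName       = 'Default Web Site',         # assumed: the site that requires SSL
    [string]$ClientCertPath = 'C:\temp\client-newca.cer'  # assumed: public part of the cert the browser sends
)
Import-Module WebAdministration -ErrorAction Stop

"=== 1. IIS SSL settings for '$SiteName' ==="
# sslFlags shows whether client certs are Ssl only, SslNegotiateCert (optional) or SslRequireCert.
Get-WebConfigurationProperty -PSPath "IIS:\Sites\$SiteName" -Filter 'system.webServer/security/access' -Name 'sslFlags'
Get-WebBinding -Name $SiteName -Protocol https | Select-Object bindingInformation, certificateHash, certificateStoreName, sslFlags

"=== 2. HTTP.SYS binding (netsh): the layer that does the TLS handshake before IIS sees the request ==="
# Diff these fields between the two servers: Certificate Hash, Negotiate Client Certificate,
# Verify Client Certificate Revocation, Usage Check, Ctl Identifier / Ctl Store Name.
netsh http show sslcert

"=== 3. Schannel policy values (an empty column means the default is in effect) ==="
# SendTrustedIssuerList: whether the server sends its CA list in the TLS CertificateRequest.
# ClientAuthTrustMode: 0 = Machine Trust (default), 1 = Exclusive Root Trust, 2 = Exclusive CA Trust.
$sch = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
Get-ItemProperty -Path $sch -ErrorAction SilentlyContinue | Select-Object SendTrustedIssuerList, ClientAuthTrustMode, EventLogging

"=== 4. Store hygiene: conditions that make Schannel chain building fail or pick the wrong store ==="
"--- a) Non-self-signed certs in Trusted Root (Subject != Issuer) ---"
Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.Subject -ne $_.Issuer } | Select-Object Thumbprint, Subject, Issuer, NotAfter
"--- b) Self-signed (root) certs in the Intermediate store ---"
Get-ChildItem Cert:\LocalMachine\CA | Where-Object { $_.Subject -eq $_.Issuer } | Select-Object Thumbprint, Subject, NotAfter
"--- c) Roots sharing one Subject (an old and a new CA with the same name): note both thumbprints ---"
Get-ChildItem Cert:\LocalMachine\Root | Group-Object Subject | Where-Object Count -gt 1 |
    ForEach-Object { $_.Group | Select-Object Thumbprint, Subject, NotBefore, NotAfter }

"=== 5. Build the client cert chain with online revocation and the Client Authentication EKU ==="
if (Test-Path $ClientCertPath) {
    $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $ClientCertPath
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'
    $chain.ChainPolicy.RevocationFlag = 'EntireChain'
    $chain.ChainPolicy.ApplicationPolicy.Add([System.Security.Cryptography.Oid]'1.3.6.1.5.5.7.3.2')  # id-kp-clientAuth
    $ok = $chain.Build($cert)
    "Chain builds: $ok"
    $chain.ChainElements | ForEach-Object { '  ' + $_.Certificate.Subject + '  [' + $_.Certificate.Thumbprint + ']' }
    $chain.ChainStatus   | ForEach-Object { '  STATUS: ' + $_.Status + ' - ' + $_.StatusInformation }
    # certutil fetches AIA/CRL URLs like the server would and prints the exact chain/revocation error.
    certutil.exe -verify -urlfetch $ClientCertPath | Select-String -Pattern 'Error|Revocation|untrusted|Verified'
} else {
    "Client cert file not found: $ClientCertPath (export the browser's cert without private key and retry)"
}

"=== 6. Turn on CAPI2 and verbose Schannel logging, then reproduce from the remote browser ==="
wevtutil.exe sl Microsoft-Windows-CAPI2/Operational /e:true
# EventLogging 7 = errors + warnings + informational; takes effect after a restart (or at least IISRESET).
Set-ItemProperty -Path $sch -Name EventLogging -Value 7 -Type DWord

"=== 7. Schannel and CAPI2 events from the last hour (run this part again after reproducing) ==="
$since = (Get-Date).AddHours(-1)
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Schannel'; StartTime = $since } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-CAPI2/Operational'; StartTime = $since } -ErrorAction SilentlyContinue |
    Where-Object { $_.Level -le 2 } | Select-Object TimeCreated, Id, Message
```

The point of running it on both servers is that a 403.7 only tells you the client certificate was rejected; the Schannel event in the System log and the CAPI2 chain-build event (which includes the store and the exact status code) say why, and the store and registry sections are where two machines that look identical in IIS Manager most often turn out to differ.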