AlexLu-7612 asked SamWu-MSFT commented

SSL Certificate Settings deleted for endpoint: 0.0.0.0:443

Hi team,

I randomly run into an "SSL Certificate Settings deleted for endpoint: 0.0.0.0:443" problem on my IIS server. Actually, the problem happens on site3: cert-A is somehow unbound on site3, which runs on port 6003, but the event log shows the problem is related to port 443, which is used by site4, so the problem should happen on site4 rather than site3. It's quite weird.

I run 4 sites inside my IIS instance. I have 2 certificates: one is the internally trusted cert-A, the other one is the commercial cert-B.
site1 is bound to 6001 with cert-A
site2 is bound to 6002 with cert-A
site3 is bound to 6003 with cert-A
site4 is bound to 443 with cert-A and also bound to 4443 & 5443 with cert-B

What would cause the "SSL Certificate Settings deleted for endpoint: 0.0.0.0:443" problem in my case?

Will it cause a problem if two different certificates are bound to the same site on two different ports (which is the case for site4)?

Will it cause a problem if an SSL binding and an SNI binding apply to the same site (although I don't use that in my sites)?

How can I get a more detailed log for this SSL issue than the one shown in the event logs?


A lot of answers on the internet are like the one below; however, it's not, as I can't find that kind of setting in applicationHost.config.

 The SSL binding for the website has been deleted and not replaced, or has been deleted and replaced with invalid certificate info. The problem occurs because of a legacy SSL certificate hash property interfering with the current SSL binding, resulting in the correct binding being deleted.

 Resolution

 Locate the following property in the <CustomMetaData> section of the applicationHost.config file, and delete it:

     <key path="LM/W3SVC/X">
         <property id="5506" dataType="Binary" userType="1" attributes="None" value="oXiHOzFAMOF0YxIuI7soWvDFEzg=" />
     </key>





windows-server-iis
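
A read-only way to run the checks this question asks about (an added example, not part of the original post or any reply): it searches applicationHost.config for the legacy property id 5506 without relying on the parent element's name, lists each site's HTTPS bindings, shows the HTTP.sys bindings, and pulls the matching System log events. It assumes the default config path and a 64-bit elevated PowerShell session; the 5000-event search window is an arbitrary value chosen for illustration.

```powershell
# Added example: read-only inspection of IIS SSL binding state. Changes nothing.
$configPath = Join-Path $env:WinDir 'System32\inetsrv\config\applicationHost.config'
[xml]$config = Get-Content -LiteralPath $configPath -Raw

# 1. Legacy property 5506 under any LM/W3SVC key. The XPath matches on the
#    key/property elements only, so the casing of the parent section name
#    does not matter (XPath is case-sensitive).
$legacy = $config.SelectNodes("//key[starts-with(@path,'LM/W3SVC')]/property[@id='5506']")
if ($legacy.Count -eq 0) {
    Write-Output 'No legacy property id 5506 found in applicationHost.config.'
} else {
    $legacy | ForEach-Object {
        [pscustomobject]@{
            KeyPath = $_.ParentNode.GetAttribute('path')
            Value   = $_.GetAttribute('value')
        }
    } | Format-Table -AutoSize
}

# 2. HTTPS bindings per site as IIS has them configured.
#    bindingInformation is "ip:port:hostname"; sslFlags is empty when not set.
$config.SelectNodes('//sites/site') | ForEach-Object {
    $site = $_
    $site.SelectNodes("bindings/binding[@protocol='https']") | ForEach-Object {
        [pscustomobject]@{
            Site               = $site.GetAttribute('name')
            BindingInformation = $_.GetAttribute('bindingInformation')
            SslFlags           = $_.GetAttribute('sslFlags')
        }
    }
} | Format-Table -AutoSize

# 3. What HTTP.sys actually holds for each endpoint (certificate hash and
#    application ID). Compare the ports and hashes with the list from step 2.
netsh http show sslcert

# 4. Recent System log events whose message mentions the SSL certificate
#    settings, with event ID and provider so create/delete pairs can be lined up.
Get-WinEvent -LogName System -MaxEvents 5000 |
    Where-Object { $_.Message -like '*SSL Certificate Settings*' } |
    Select-Object TimeCreated, Id, ProviderName, Message |
    Format-List
```

A port that appears in step 2 but not in step 3 is a binding IIS expects that HTTP.sys no longer has, and the event timestamps from step 4 show when it went away.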

@AlexLu-7612 The configuration file applicationHost.config is located in the %WinDir%\System32\Inetsrv\Config folder; please check if the file path is correct. Also, are you using Azure Cloud Service? If yes, you will need to have access to the Visual Studio solution to implement a valid certificate. For more information you can refer to this link: SSL Certificate Settings deleted.


1 Answer

AlexLu-7612 answered SamWu-MSFT commented

@SamWu-MSFT, yes, it is located in %WinDir%\System32\Inetsrv\Config. I don't see that it contains <property id="5506" dataType="Binary" userType="1" attributes="None" value="oXiHOzFAMOF0YxIuI7soWvDFEzg=" />

And yes, we use Azure Cloud Service, but our IIS is running inside a VM in Azure Cloud Service. Is there any difference? What does "Visual Studio solution" mean? I don't quite get that.

BR


@AlexLu-7612


but our IIS is running inside a VM in Azure Cloud Service, is there any difference? "Visual Studio solution" what does it mean, not quite get that.

If it's an Azure Cloud Service, the certificate might be controlled by the source code, so you need to have access to the Visual Studio solution to implement a valid certificate.

You can also check if the site is using a wildcard certificate. This issue occurs when the wildcard certificate has been imported without marking the keys as exportable. To solve it, the affected certificate should be uninstalled and then imported again with the keys marked as exportable.
