Category: Microsoft IIS

Windows IIS with PHP: Curl (60) SSL Certificate Problem: Unable to get local issuer certificate

Martin 23/03/2017

When adding PHP to your IIS installation on a Windows server, and you afterwards add SSL to it, everything may work at first hand, but if you need to run some curl scripts, that accesses the server with https://, you may run into this error: “Curl (60) SSL Certificate Problem: Unable to get local issuer certificate” This is due to the missing CA Cert from Mozilla, that PHP needs to have in it’s SSL directory,… Windows IIS with PHP: Curl (60) SSL Certificate Problem: Unable to get local issuer certificate

Read More Windows IIS with PHP: Curl (60) SSL Certificate Problem: Unable to get local issuer certificate

Exchange 2016 and Windows Server 2016 OWA issue

Martin 16/03/2017

When using Exchange 2016 with Windows Server 2016, you may get this issue, when you open OWA: “ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY” This is displayed in Google Chrome. This is due to enabled SSL ciphers that are outdated on IIS, and can be “lock down’ed” with this free utility: https://www.nartac.com/Products/IISCrypto Run it on the Exchange server and press “Best Practices” and Apply, reboot the server, and everything is now fixed 🙂

Read More Exchange 2016 and Windows Server 2016 OWA issue

Compliance check: IIS leaks internal IP

Martin 21/12/2016

During security audit scans, it is sometimes seen that a Microsoft Internet Information Services (IIS) server is exposing the servers internal ip, when a speciel get request is sent to the server. This can be due to misconfig, unpatched server or maybe something that is default. It can be amended by running this on IIS servers from 2008 R2 and up: appcmd.exe set config -section:system.webServer/serverRuntime /alternateHostName:”mail.domain.com” /commit:apphost Reboot is not needed and now it will… Compliance check: IIS leaks internal IP

Read More Compliance check: IIS leaks internal IP