I've got IIS 10 on a Server 2019 instance with a Centralized Certificate Store configured.
The CCS looks valid in IIS. Certs are loaded and display no warnings or errors, but requests to any site return a TCP reset.
- If I manually install the cert from the CCS into IIS it works too, so it's not a cert problem.
- I've verified with Wireshark that the Client Hello is including the correct SNI host name that matches the file name in my CCS.
- Per this question, I've checked that Require SNI is enabled on all https bindings on the entire server (there are only two and both on the same site).
- The output of `netsh http show sslcert` looks like this:
How can I debug this further? Is there some cert store log where I can get more details on failed requests (inetpub and httperr don't include them)?