Website not accessible in Chrome and Firefox, when TLS 1.0 and 1.1 are disabled on IIS server

0

We have a website which we cannot access from Chrome or Firefox, but can be accessed from IE and Edge. The problem occurs when we disable TLS 1.0 and 1.1 on the IIS server. When TLS 1.0 and 1.1 are enabled, the site can be accessed by all browsers. We have spent several days looking into this, and trying various suggested fixes. What can we do to make the site accessible even in Chrome and Firefox?

The site is a webclient for Microsoft Dynamics NAV. It is running on IIS 8.5 and Windows 2012 R2. The browsers and Windows machines all have the latest updates. We originally had a root certificate that used SHA1 as "Signature Hash Algorithm", and the website was not accessible from any browser when TLS 1.0 and 1.1 were disabled.

We now have a certificate, and intermediate and root certificates, that all use SHA256 as "Signature Hash Algorithm", and SHA1 as thumbprint algorithm, and we can at least access the site in IE and Edge. But we still get ERR_CONNECTION_RESET in Chrome, and “Secure Connection Failed” in Firefox.

AFarr

Posted 2019-04-09T13:57:43.477

Reputation: 1

Answers

0

Can you check what your TLS options are set to in IE please? (These settings affect all browsers, not just IE.)


Just spitballing here, but if you have no options enabled in the above for TLS 1.0-1.1 and your site in IIS is set to use TLS 1.0-1.1, then Chrome/Firefox might be throwing a paddy (unable to establish secure connection etc.) when you try and connect to the site because it's not been told to use that protocol (and IIS is expecting the handshake).

I know TLS 1.0-1.1 are being deprecated and Google stopped supporting it end of Jan 2019 so it's potentially something that you will need to amend in the future anyway.

RhysPickett

Posted 2019-04-09T13:57:43.477

Reputation: 102

Hi @Rhys, In the Internet Properties Advanced settings, TLS 1.0, 1.1 and 1.2 are all ticked, and we still can't access the website with Chrome. You said "[if] your site in IIS is set to use TLS 1.0-1.1". We disabled TLS 1.0 and 1.1 from the Windows registry. Is there a way to enable or disable TLS protocols from within IIS? – AFarr – 2019-04-12T08:46:52.010

Disabling through the registry is fine; there is no front end in IIS for that. I meant that IIS will use those TLS registry settings. Are you able to access with http and not https? Also, just to confirm, did you reboot the server after configuring the http/https bindings with the certificate? – RhysPickett – 2019-04-12T10:02:04.763
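
One way to check the two things this thread discusses, the Schannel registry switches that IIS picks up and what a handshake at each TLS version actually returns from the site. This is an added example, not code from the thread; the host name is a placeholder and the function names `Get-SchannelServerProtocol` and `Test-TlsVersion` are made up for illustration.

```powershell
# Added example. $HostName is a placeholder, not a value from the thread.
param(
    [string]$HostName = 'nav.example.internal',
    [int]$Port = 443
)
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Run on the IIS server: list the server-side Schannel protocol switches.
# A missing key or value means the operating system default applies.
function Get-SchannelServerProtocol {
    foreach ($name in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
        $props = Get-ItemProperty -Path (Join-Path $base "$name\Server") -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Protocol          = $name
            KeyPresent        = [bool]$props
            Enabled           = if ($props -and $null -ne $props.Enabled) { $props.Enabled } else { 'not set' }
            DisabledByDefault = if ($props -and $null -ne $props.DisabledByDefault) { $props.DisabledByDefault } else { 'not set' }
        }
    }
}

# Run from a client: offer exactly one protocol version and record the outcome.
function Test-TlsVersion {
    param([string]$HostName, [int]$Port, [System.Security.Authentication.SslProtocols]$Protocol)
    $ssl = $null
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        # Accept any certificate: the probe checks protocol negotiation, not trust.
        $cb = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $cb)
        $ssl.AuthenticateAsClient($HostName, $null, $Protocol, $false)
        [pscustomobject]@{ Offered = $Protocol; Result = 'handshake ok'
            Negotiated = $ssl.SslProtocol; Cipher = $ssl.CipherAlgorithm; KeyExchange = $ssl.KeyExchangeAlgorithm }
    } catch {
        # A reset or handshake failure ends up here with the underlying message.
        [pscustomobject]@{ Offered = $Protocol; Result = $_.Exception.GetBaseException().Message
            Negotiated = $null; Cipher = $null; KeyExchange = $null }
    } finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

Get-SchannelServerProtocol | Format-Table -AutoSize
'Tls', 'Tls11', 'Tls12' | ForEach-Object { Test-TlsVersion $HostName $Port $_ } | Format-Table -AutoSize
```

`SslStream` negotiates through Schannel on the machine that runs the probe, so that machine's own client-side protocol settings also influence the result.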