Overview
SSL Diagnostics (SSLDiag) is the recommended toolset for troubleshooting problems related to Secure Sockets Layer (SSL) or certificates. Built to expedite troubleshooting, it offers several key features for isolating the particular problem. Most SSL failures are caused by one of two failure points: IIS configuration or certificates.
SSLDiag allows administrators and developers to effectively determine if their configuration is invalid and offers possible solutions.
For often complex problems such as permission and store failures with certificates, SSLDiag offers users the ability to monitor real-time traffic as it comes to the troubled website. This feature, commonly referred to as SSLMon, will restart IIS, start logging all data pertaining to SSL and IIS, and store it in a log file for later review.
SSLDiag can be used only locally, on the server with the current failure, and requires administrative privileges to run. An easy-to-use user interface is available for users who prefer graphical interfaces, and all features are also available at the command line. In a large shared hosting environment with many websites, it is recommended that you instruct SSLDiag to analyze only the configuration for the site currently having failures. By default, SSLDiag analyzes the configuration of the entire server, which often causes delays on large installations. To restrict the analysis to one site, use the command-line switch /siteid:{site instance}, where the site instance is as defined by the IIS configuration. For more information, please refer to the SSL Diagnostics help.
Features
- Two modes of operation: user interface and command line
- Command-line functionality to create self-signed certificates
- Create temporary testing certificates using the user interface at the IIS virtual server (site) level
- Simulate the SSL handshake and view raw response data
- User interface offers help for configuration checks to aid the user in understanding why the tool checks this information and how that information is configured
- Real-time monitoring (SSLMon) for SSL handshakes and client certificates, supported in both the user interface and the command line
Benefits
SSLDiag 1.1 is an update to 1.0 that primarily offers the following enhancements:
- Single-site checking, versus the 1.0 behavior of checking all sites on the system (even when you are only interested in one site)
  - Start SSLDiag 1.1 from the command line to use this feature
  - See the SSLDiag 1.1 help (ssldiag /?) for instructions on using this functionality
- Enhanced monitoring using SSLMon for handshakes (1.0 supported only client certificate monitoring)
- Full implementation of the IIS 6.0 Resource Kit tool SelfSSL in the SSLDiag 1.1 command line
Requirements
SSLDiag 1.1 supports the following operating systems:
- Windows Server 2003 & IIS 6.0
For 64-bit Windows systems, see the following:
- SSL Diagnostics 1.1 (x64)
- SSL Diagnostics 1.1 (ia64)