Self-Signed Cert with TLS 1.2

11,405

Solution 1

No, it is not possible.

SSL/TLS in all versions works with X.509 digital certificates. The difference between TLS versions is the protocol rules, not the certificate.

The browser usually warns when the protocol used is old (considered less secure) or the certificate is not trusted.

Solution 2

Eventually figured this out. The answer is kinda dumb...

On Windows 7 / Windows Server 2008 R2, the TLS 1.2 protocol is installed, but disabled by default. When Big Brother pushed everybody to TLS 1.2, they did it with SCHANNEL registry entries, but they did not create the "DisabledByDefault" entry set to "0" so it blew up the security of all the Windows 7 users on the domain.

So, if you're going to use registry hacks to push users over to TLS 1.2, be sure to follow the instructions from Microsoft and remember to create a "DisabledByDefault" entry in the TLS 1.2 SCHANNEL key. :-)

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn786418(v=ws.11)
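The registry fix this answer describes, as an added PowerShell example (not code from the original post): it creates the TLS 1.2 SCHANNEL keys for both the Client and Server sides, sets Enabled=1 together with the DisabledByDefault=0 entry the original rollout forgot, and then audits the result. The function names are mine; the key path and value names are the ones documented on the linked Microsoft page.

```powershell
# Added example: enable TLS 1.2 in SCHANNEL as the Microsoft doc describes,
# including the DisabledByDefault entry. Run in an elevated PowerShell;
# SCHANNEL only picks up the change after a reboot.
$Tls12Root = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'

function Enable-Tls12Schannel {
    foreach ($side in 'Client', 'Server') {
        $key = Join-Path $Tls12Root $side
        if (-not (Test-Path $key)) {
            New-Item -Path $key -Force | Out-Null
        }
        # Both values are REG_DWORD. Enabled=1 alone is not enough on Windows 7 /
        # 2008 R2: the protocol stays off unless DisabledByDefault is also 0.
        New-ItemProperty -Path $key -Name 'Enabled' -Value 1 -PropertyType DWord -Force | Out-Null
        New-ItemProperty -Path $key -Name 'DisabledByDefault' -Value 0 -PropertyType DWord -Force | Out-Null
    }
}

function Test-Tls12Schannel {
    # Returns $true only when both sides have Enabled=1 and DisabledByDefault=0;
    # a missing DisabledByDefault value is reported as misconfigured.
    $ok = $true
    foreach ($side in 'Client', 'Server') {
        $key = Join-Path $Tls12Root $side
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        $enabled = $props.Enabled
        $disabledByDefault = $props.DisabledByDefault
        if ($enabled -ne 1 -or $disabledByDefault -ne 0) {
            Write-Warning "TLS 1.2 $side misconfigured: Enabled=$enabled DisabledByDefault=$disabledByDefault"
            $ok = $false
        }
    }
    return $ok
}

Enable-Tls12Schannel
if (Test-Tls12Schannel) { 'TLS 1.2 is enabled for Client and Server; reboot to apply.' }
```

Run Test-Tls12Schannel on its own to audit a machine before changing anything; it is the check that would have caught the broken rollout described above. This only governs protocol negotiation; whether the browser trusts a self-signed certificate is a separate question, as Solution 1 notes.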

Kevin Herrick

Updated on June 07, 2022

Comments

  • Kevin Herrick
    Kevin Herrick almost 2 years

    I'm a novice in regards to Transport Layer Security stuff, so bear with me...

    I have some https web apps that I test locally using self-signed certs created with selfssl.exe. The company recently pushed new rules to everyone's machines that prevent the browsers from loading https sites that use anything other than TLS 1.2. However, my browsers give me certificate errors when I load my locally-hosted test stuff if TLS 1.0 is not enabled. Is it possible to generate self-signed certs that will work with my browsers if only TLS 1.2 is enabled?

    I'm using Windows 7 64 bit with IIS 7.5, and I test with a variety of browsers (IE 11, Firefox 46, and Chrome 50).

  • T.S.
    T.S. over 5 years
    The true answer for your question is that TLS/SSL have nothing to do with self certs. These are two things that cross-cut but are not tied to each other. You can have a self cert or any cert. If this is not signed by some authority, the browser might complain. You can choose to trust this cert and the browser will not complain anymore. In other words, in configuration - CERT relates to IIS/Browser. TLS-Registry