Hi,
We have multiple servers running Windows 2012R2 Server Std and 2008R2 Server Std which get data from an HTTPS website hosted on a Linux server.
Since the automatic certificate renewal in mid-September, our application pools on the Windows 2012R2 servers can't get data from the HTTPS website, whereas when we go to the website from Internet Explorer on the same server, we don't have any problem with the certificate.
This problem occurs only on the 2012R2 server, not on the 2008R2.
Hi, and thanks for your reply.
The code does a sort of cURL from an XML file to load data, as you understood.
We see no errors.
The strangest thing is that before the renewal, it worked perfectly. The certificate was renewed at the same time (2008R2 & 2012R2) and only 2012R2 has problems.
Perhaps the 2012R2 system has updated to only support newer ciphers/protocols.
And your server can’t provide any that 2012R2 will use.
Or your server is using DHE ciphers with DH primes that are no longer supported by 2012R2 system.
I agree with @rg305's idea that the 2012r2 server may have removed support for older cryptographic techniques, while the other system might still support the older technologies. It would be good to know what cryptographic libraries are in use on each system, and what the ciphersuite configuration on the newer system is.
@rg305's concern about Diffie-Hellman is also a possible explanation in principle, because there have been upgrades over time to the Diffie-Hellman support in both clients and servers. One possibility is that the Linux system uses a relatively modern standard for DH with a large prime number, while perhaps the 2012 client doesn't allow such a large prime, and perhaps the 2008 client doesn't use any kind of DH at all.
Anyway, more information about the client, more logging, and attempting with the command line version of curl would be helpful!
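One way to gather the information asked for above, as an added example that is not part of any poster's reply: a Python probe that attempts one TLS 1.2 handshake per key-exchange family (ECDHE, DHE, plain RSA) and reports what the server negotiates or why it refuses. The names `PROFILES`, `build_context`, `probe` and `survey` are hypothetical, and the cipher strings are OpenSSL syntax chosen for this example.

```python
import socket
import ssl
import sys

# Constructed probe profiles (assumption, not from the thread): one OpenSSL
# cipher string per key-exchange family, so each family is tested in isolation.
PROFILES = {"ECDHE": "ECDHE", "DHE": "DHE", "RSA": "kRSA"}


def build_context(cipher_string):
    """Client context pinned to TLS 1.2 and limited to one cipher family."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(cipher_string)
    return ctx


def probe(host, port, family, timeout=5.0):
    """Attempt one handshake and describe the outcome without raising."""
    result = {"family": family, "ok": False, "detail": None}
    try:
        ctx = build_context(PROFILES[family])
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                name, version, bits = tls.cipher()
                result.update(ok=True, detail=f"{version} {name} ({bits} bits)")
    except ssl.SSLCertVerificationError as exc:
        # Chain or hostname problem, e.g. after a certificate renewal.
        result["detail"] = f"certificate rejected: {exc.verify_message}"
    except ssl.SSLError as exc:
        # No shared cipher, rejected DH parameters, protocol mismatch, ...
        result["detail"] = f"handshake failed: {exc.reason}"
    except OSError as exc:
        result["detail"] = f"connection failed: {exc}"
    return result


def survey(host, port=443):
    """Probe every family in PROFILES against one server."""
    return [probe(host, port, family) for family in PROFILES]


if __name__ == "__main__" and len(sys.argv) > 1:
    for row in survey(sys.argv[1]):
        status = "OK  " if row["ok"] else "FAIL"
        print(f"{row['family']:6} {status} {row['detail']}")
```

The probe uses OpenSSL rather than Schannel, so it shows which families the Linux server will accept, not what the Windows 2012R2 client offers; the two lists still have to be compared.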