{"id":11986,"date":"2026-02-04T17:32:58","date_gmt":"2026-02-04T22:32:58","guid":{"rendered":"https:\/\/www.rushworth.us\/lisa\/?p=11986"},"modified":"2026-05-07T14:59:09","modified_gmt":"2026-05-07T19:59:09","slug":"client-connections-to-https-iis-site-fail-after-upgrade-to-windows-server-2022","status":"publish","type":"post","link":"https:\/\/www.rushworth.us\/lisa\/?p=11986","title":{"rendered":"Client Connections to HTTPS IIS Site Fail After Upgrade to Windows Server 2022"},"content":{"rendered":"<h3>Client connections to the HTTPS IIS site failed with the following error:<\/h3>\n<p>Secure Connection Failed<\/p>\n<p>An error occurred during a connection to certmgr-dev.uniti.com.<\/p>\n<p>PR_CONNECT_RESET_ERROR<\/p>\n<p>Error code: PR_CONNECT_RESET_ERROR<\/p>\n<p>The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem.<\/p>\n<p>&nbsp;<\/p>\n<p>The IIS site was set to \u201caccept\u201d client certificates.<\/p>\n<ul>\n<li>Client Certificates = Accept means IIS\/HTTP.sys will try to retrieve a client certificate only if the app touches Request.ClientCertificate (or a module that maps\/validates client certs). That retrieval is done via TLS renegotiation in TLS 1.2.<\/li>\n<li>On Server 2022, browsers prefer TLS 1.3. TLS 1.3 does not support the old renegotiation used to fetch a client cert mid\u2011request. When your app\/module at \u201c\/\u201d accesses the client cert, IIS attempts renegotiation, fails, and the connection is reset.<\/li>\n<\/ul>\n<p>Setting Client Certificates to \u201cIgnore\u201d in the site&#8217;s &#8220;SSL Settings&#8221; prevents IIS from attempting to renegotiate, so the site loads. This obviously isn\u2019t a solution if you want to <em>use<\/em> client certificates to authenticate \u2026 but we\u2019re authenticating through Ping, so don\u2019t actually <em>need<\/em> the client certs.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Client connections to the HTTPS IIS site failed with the following error: Secure Connection Failed An error occurred during a connection to certmgr-dev.uniti.com. PR_CONNECT_RESET_ERROR Error code: PR_CONNECT_RESET_ERROR The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[30],"tags":[338,136,2168],"class_list":["post-11986","post","type-post","status-publish","format-standard","hentry","category-system-administration","tag-iis","tag-windows","tag-windows-2022"],"_links":{"self":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/11986","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=11986"}],"version-history":[{"count":2,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/11986\/revisions"}],"predecessor-version":[{"id":12193,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/11986\/revisions\/12193"}],"wp:attachment":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=11986"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=11986"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=11986"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}