I have an IIS server with a public certificate from one of the big guys. Chrome says:

"Your connection to mydomain.com is encrypted using an obsolete cipher suite. The connection uses TLS 1.2. The connection is encrypted using AES_128_CBC, with HMAC-SHA1 for message authentication and RSA as the key exchange mechanism"

I created the initial CSR on a Windows 2008 R2 server using the certificates MMC and "Advanced > Create custom request.  For the private key I chose 2048 length and SHA384 algorithm.  

What other option(s) in here will lead to me have a cipher suite that isn't "obsolete"?  I chose RSA as the Cryptographic Service Provider. Do I need to choose something else in the list instead?

Thanks!

On Thu, 20 Aug 2015 20:10:34 +0000, CCSys wrote:

I have an IIS server with a public certificate from one of the big guys. Chrome says:

"Your connection to mydomain.com is encrypted using an obsolete cipher suite. The connection uses TLS 1.2. The connection is encrypted using AES_128_CBC, with HMAC-SHA1 for message authentication and RSA as the key exchange mechanism"

I created the initial CSR on a Windows 2008 R2 server using the certificates MMC and "Advanced > Create custom request.  For the private key I chose 2048 length and SHA384 algorithm.  

What other option(s) in here will lead to me have a cipher suite that isn't "obsolete"?  I chose RSA as the Cryptographic Service Provider. Do I need to choose something else in the list instead?

You should check with the public certificate pro