ssl-certificate, iis-10

Centralized Certificates and IIS10 - Still using old cert on rollover


Every year we reissue our SSL Certificate and we just recently started using Centralized Certificates in IIS.

We exported our Certificate into the Centralized Certificate store and everything looks recognized and appropriate.

We removed the older cert that will be expiring soon from the Centralized store.

However, it looks like the old cert is still being served when checking the certificate in Chrome, and there is no way to directly specify which Centralized Certificate your service is using:

Note that there is no need to select a specific corresponding certificate to be used. Through the use of the naming contract, the corresponding certificate is selected automatically. In this example, IIS tries to read centralcert0.pfx from the central SSL certificate file share.

Maybe when the old cert expires it will roll over to the new cert...but we'd like to test the newly issued certificate and ensure it is working properly.

How do you uncache the certificate or specify which cert a service should use?


Solution

  • You can try to manually specify a new certificate in IIS:

    1. Open IIS Manager, expand the web server, expand sites
    2. Right-click Default Web Site or the website in question and click "Edit Bindings…"
    3. Next select port 443 in the bindings list, or any other ports using SSL
    4. Click the SSL certificate dropdown to select the desired certificate (you can click View to verify the properties of the cert are what you expect)
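The following PowerShell is an added example, not part of the question or the answer above, for verifying what is going on before falling back to the manual binding. It checks three things the thread touches on: that a PFX matching the Central Certificate Store naming contract exists in the share, that the site's HTTPS binding actually has the CCS flag set, and which certificate the server is really handing out over TLS (compared by thumbprint against the PFX on disk). The hostname, share path and site name are assumptions; it relies on the WebAdministration module that ships with IIS and on Get-PfxCertificate, which prompts for the PFX password.

```powershell
# Added example; hostname, share path and site name are assumed placeholders.
$HostName = 'www.example.com'            # assumed: the binding's host header
$CcsShare = '\\fileserver\centralcerts'  # assumed: the CCS file share
$SiteName = 'Default Web Site'           # assumed: the IIS site to inspect

Import-Module WebAdministration

# 1. Naming contract: CCS looks for <hostname>.pfx (a wildcard cert is _.<domain>.pfx).
$expectedPfx = Join-Path $CcsShare "$HostName.pfx"
if (Test-Path $expectedPfx) { "CCS file present: $expectedPfx" }
else { "No file named $expectedPfx in the share; IIS will not pick a cert for this host." }
Get-ChildItem -Path $CcsShare -Filter '*.pfx' | Select-Object Name, LastWriteTime

# 2. Binding: sslFlags bit 1 = SNI required, bit 2 = use Central Certificate Store.
Get-WebBinding -Name $SiteName -Protocol https |
    Select-Object bindingInformation, sslFlags

# 3. What is the server really serving? Open a TLS session with SNI and read the leaf cert.
function Get-ServedCertificate {
    param([string]$HostName, [int]$Port = 443)
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept-all callback: we are inspecting the served cert, not trusting it.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $ssl.Dispose()
        [pscustomobject]@{
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
        }
    }
    finally { $client.Close() }
}

$served = Get-ServedCertificate -HostName $HostName
$served

# Compare against the PFX you dropped into the share (prompts for its password).
if (Test-Path $expectedPfx) {
    $onDisk = Get-PfxCertificate -FilePath $expectedPfx
    if ($served.Thumbprint -eq $onDisk.Thumbprint) {
        'Served certificate matches the CCS file.'
    }
    else {
        "STALE: served $($served.Thumbprint) (expires $($served.NotAfter)), on disk $($onDisk.Thumbprint)"
    }
}
```

Run it from the IIS host (or another machine that can reach both the share and port 443) after replacing the PFX. A thumbprint mismatch in step 3 is the concrete evidence that the old certificate is still being served, and the sslFlags value in step 2 tells you whether the binding is even consulting the Central Certificate Store or is still tied to a certificate in the local machine store.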