Why does IIS continue to show an old certificate?

Posted on 2009-12-27
Last Modified: 2012-05-08
On one of our servers, we have a number of sites which share an IP and SSL using a wildcard (sitename.encryptedsecure2.com), with the SSL cert common name *.encryptedsecure2.com.  This has worked very well for years.

Every year I renew our SSL certificate.  Typically a very simple process to generate the renewal and then process it through GoDaddy.

This year, GoDaddy is no longer generating 1024-bit certs, and I couldn't change the bit depth during the renewal, so I generated a new certificate instead.  All the information (except for bit depth) was the same as the previous cert.

When I look at the certificate properties from the IIS admin (view certificate) it has the correct date expiring in 2010, however, whenever I browse to the page, I get the old cert instead (2009).

The 2009 cert is expiring in 1 day.

We have also tried:
- rebooting
- changing the SSL cache timeout to 2 minutes (http://technet.microsoft.com/en-us/library/cc781248(WS.10).aspx)
- verified that the certificate checksum is the same between IIS properties (view certificate) and the certificate store (personal)
- loading in the new GoDaddy intermediates, etc. (http://help.godaddy.com/article/4875)

However, it continues to only use the 2009 cert.  If I delete the 2009 cert, the sites break and I can't get them going again with a new cert.

It's like something is preventing IIS from using the new certs, and hanging onto the old cert, but I can't figure out what.  Help!
Question by:modernearth2

Expert Comment

by:James Murrell
ID: 26126722
Have you completely removed the old certificate from the Local machine certificate store on your server? If it is removed from there then there's no way IIS can still be using the old certificate. You can also try clearing the SSL state from your browser if you are using IE.

Expert Comment

by:farazhkhan
ID: 26126728
Hi,

Have you completely removed the old certificate from the Local machine certificate store on your server? If it is removed from there then there's no way IIS can still be using the old certificate. You can also try clearing the SSL state from your browser if you are using IE.

How to troubleshoot problems accessing secure Web pages with Internet Explorer 6 Service Pack 2: http://support.microsoft.com/kb/870700

And you could also try running SSLDiag if you are still unable to resolve the issue.

SSL Diagnostics Version 1.1 (x86): http://www.microsoft.com/downloads/details.aspx?familyid=cabea1d0-5a10-41bc-83d4-06c814265282&displaylang=en

Courtesy: http://forums.iis.net/t/1154007.aspx

Regards,
Faraz H. Khan

Author Comment

by:modernearth2
ID: 26127575
Yes, I tried removing the cert (after I exported it as a backup).

Browsers would then get an error accessing the page - it still wasn't using the cert which it says was attached.

Remember - IIS "view certificate" shows the right certificate, but doesn't actually send the right cert to browsers.  I have completely reset the cert states on browsers (as well as using multiple browsers/PCs).

Accepted Solution

by:modernearth2
ID: 26127735
Hi - ok, we figured it out.

We are using a wildcard cert, and have multiple sites sharing the IP address.

We needed to STOP all the sites and then start them again.

My guess - the host headers are encrypted and need to be decrypted before IIS can determine what site to send the visitor to, and was therefore using one of the old certificates which was assigned to one of the other sites which still had the old cert.

Stopping all sites and then restarting them all cleared it.  (Had tried multiple IIS restarts which didn't work, but this does).

Thanks to everyone for assistance.
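
A way to check which certificate each host name actually serves, rather than what "view certificate" shows, added here as an example and not part of the thread. The host names and the thumbprint are placeholders, and `Get-ServedCertificate` is a hypothetical helper name.

```powershell
# Added example: fetch the certificate a server really presents during the TLS handshake.
function Get-ServedCertificate {
    param(
        [Parameter(Mandatory = $true)] [string] $HostName,
        [int] $Port = 443
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # Accept whatever is presented: the goal is to inspect the certificate, not to trust it.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        try {
            $ssl.AuthenticateAsClient($HostName)
            New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ssl.RemoteCertificate
        }
        finally { $ssl.Dispose() }
    }
    finally { $client.Close() }
}

# Placeholder: thumbprint of the renewed certificate, copied from the Personal store.
$expectedThumbprint = '<THUMBPRINT-OF-NEW-CERT>'

# Placeholders: every site that shares the IP address and the wildcard certificate.
$siteNames = 'site1.example.com', 'site2.example.com', 'site3.example.com'

foreach ($name in $siteNames) {
    try {
        Get-ServedCertificate -HostName $name |
            Select-Object @{ n = 'Host'; e = { $name } },
                          Subject,
                          NotAfter,
                          Thumbprint,
                          @{ n = 'IsExpected'; e = { $_.Thumbprint -eq $expectedThumbprint } }
    }
    catch {
        Write-Warning "$name : $($_.Exception.Message)"
    }
}
```

Any row with `IsExpected` set to `False`, or a `NotAfter` date matching the old certificate, shows that the renewed certificate is not the one being sent to clients for that host name.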