On one of our servers, we have a number of sites which share an IP and SSL using a wildcard (sitename.encryptedsecure2.com), with the SSL cert common name *.encryptedsecure2.com. This has worked very well for years.
Every year I renew our SSL certificate. Typically it is a very simple process to generate the renewal and then process it through GoDaddy.
This year, GoDaddy is no longer generating 1024-bit certs, and I couldn't change the bit depth during the renewal, so I generated a new certificate instead. All the information (except for bit depth) was the same as the previous cert.
When I look at the certificate properties from the IIS admin (view certificate), it has the correct date, expiring in 2010; however, whenever I browse to the page, I get the old cert instead (2009).
The 2009 cert is expiring in 1 day.
We have also tried:
- changing the SSL cache timeout to 2 minutes (http://technet.microsoft.com/en-us/library/cc781248(WS.10).aspx)
- verified that the certificate checksum is the same between IIS properties (view certificate) and the certificate store (personal)
- loading in the new GoDaddy intermediates, etc. (http://help.godaddy.com/article/4875)
However, it continues to only use the 2009 cert. If I delete the 2009 cert, the sites break and I can't get them going again with a new cert.
It's like something is preventing IIS from using the new certs, and hanging onto the old cert, but I can't figure out what. Help!