Avatar of Jon Davidson
Jon Davidson
Flag for United States of America asked on

Problem in binding SSL cert to 2012 WServer.

Binding new SSL certificate to WServer 2012 problem.
I built the request per:
https://www.digicert.com/util/csr-creation-microsoft-servers-using-digicert-utility.htm.  Handed the request off to our infrastructure team where they purchased the new SSL.  The Team has sent me the new SSL certificates where I renamed appropriately from a .txt extension to a .cer externsion.

I have two test servers (and two prod servers)I need to update the SSL certificates for.   I have followed the steps outlined in this document for installing the SSL certificate:

I can see on the server IIS where the certificate has been updated to 10/9/2020 in the Server Certificates; however, if I look under the padlock on the client's URL, the expiry date is still set for:  10/24/2018.  How do I propagate this out to the client?  This is the first time I've done this, and I have four 2012 servers to update ASAP.  Any guidance would be appreciated.
* ssl certSSL / HTTPS

Avatar of undefined
Last Comment
Jon Davidson

8/22/2022 - Mon
Travis Martinez

Have you validated from an SSL checker rather than the clients internet program?


What does the response say here.
Jon Davidson

The SSL test failed, "Unable to connect."
Travis Martinez

Are the systems behind a load balancer and has the pfx been loaded to them?

*** Edit ***  I'm assuming it failed as they are internal sites and not externally facing
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
Jon Davidson

That assumption is correct.   After that failed test, I went to IIS  and clicked on the server in the left pane and double-clicked the server certificates and under the Action pane, I clicked on Create Certificate Request and created a csr file, and documented with screen shots every step I took.   I am doing this again to make sure
1.  Ensure the common name I used can be pinged.
2.  Wanted to make sure I was using the server software and not a downloaded digicert application.  
I don't have any experience doing this, so I am just trying to eliminate any place I could be making a mistake.   I am currently waiting on the new SSL certs for production and test.
Travis Martinez

I'll be fair in that I've only had to deal with this a few times.  The portions that got me were not having the load balancer updated with the pfx exported from the server.  The second was after I installed it in the main IIS panel I didn't set the port binding on the webpage correctly.

Is it possible when you did the port binding the certificate you selected was the old one and not the new?  If they have the same domain name then the drop down will list both of them.  Use view to see the certificate details for the right one.ssl-pic.PNG
Jon Davidson

This website has not configured this form in the past.  I went to the production server, and the "Add Site Binding" app has not been used to configure the connection.
Something new I found.   Looking at the MMC
Console Root

The SSL cert I am trying to install, in the properties does NOT have the text:  
"You have a private key that corresponds to this certificate."  

  I need to install the cert with a private key.   This is a requirement of any single socket layer certificate.   I have been able to do as much, though it is NOT straightforward.
PROBLEM:   When I reboot the server, and I access the site remotely (inward facing server on large network), the dates for the View Certificate in the URL are NOT updating.  I could really use some help.   I've tried everything short of a registry hack.  
Surely someone has had this issue in the past with an SSL cert.  This does not run in the IIS.   It is powered by Apache Tomcat 7.0.
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Jon Davidson

View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.