Problem in binding SSL cert to 2012 WServer.

Binding new SSL certificate to WServer 2012 problem.
I built the request per:
https://www.digicert.com/util/csr-creation-microsoft-servers-using-digicert-utility.htm.  Handed the request off to our infrastructure team where they purchased the new SSL.  The Team has sent me the new SSL certificates where I renamed appropriately from a .txt extension to a .cer externsion.

I have two test servers (and two prod servers)I need to update the SSL certificates for.   I have followed the steps outlined in this document for installing the SSL certificate:
https://support.comodo.com/index.php?/Knowledgebase/Article/View/1159/37/certificate-installation-microsoft-iis-8x


I can see on the server IIS where the certificate has been updated to 10/9/2020 in the Server Certificates; however, if I look under the padlock on the client's URL, the expiry date is still set for:  10/24/2018.  How do I propagate this out to the client?  This is the first time I've done this, and I have four 2012 servers to update ASAP.  Any guidance would be appreciated.
Jon DavidsonDeveloper/Nuclear UtilityAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Travis MartinezStorage EngineerCommented:
Have you validated from an SSL checker rather than the clients internet program?

https://www.digicert.com/help/

What does the response say here.
Jon DavidsonDeveloper/Nuclear UtilityAuthor Commented:
Travis,
The SSL test failed, "Unable to connect."
Travis MartinezStorage EngineerCommented:
Are the systems behind a load balancer and has the pfx been loaded to them?

*** Edit ***  I'm assuming it failed as they are internal sites and not externally facing
Webinar: Cyber Crime Becomes Big Business

The rising threat of malware-as-a-service is not one to be overlooked. Malware-as-a-service is growing and easily purchased from a full-service cyber-criminal store in a “Virus Depot” fashion. Join us in our upcoming webinar as we discuss how to best defend against these attacks!

Jon DavidsonDeveloper/Nuclear UtilityAuthor Commented:
Travis
That assumption is correct.   After that failed test, I went to IIS  and clicked on the server in the left pane and double-clicked the server certificates and under the Action pane, I clicked on Create Certificate Request and created a csr file, and documented with screen shots every step I took.   I am doing this again to make sure
1.  Ensure the common name I used can be pinged.
2.  Wanted to make sure I was using the server software and not a downloaded digicert application.  
I don't have any experience doing this, so I am just trying to eliminate any place I could be making a mistake.   I am currently waiting on the new SSL certs for production and test.
Travis MartinezStorage EngineerCommented:
I'll be fair in that I've only had to deal with this a few times.  The portions that got me were not having the load balancer updated with the pfx exported from the server.  The second was after I installed it in the main IIS panel I didn't set the port binding on the webpage correctly.

Is it possible when you did the port binding the certificate you selected was the old one and not the new?  If they have the same domain name then the drop down will list both of them.  Use view to see the certificate details for the right one.ssl-pic.PNG
Jon DavidsonDeveloper/Nuclear UtilityAuthor Commented:
This website has not configured this form in the past.  I went to the production server, and the "Add Site Binding" app has not been used to configure the connection.
Something new I found.   Looking at the MMC
Console Root
  Personal
    Certificates

The SSL cert I am trying to install, in the properties does NOT have the text:  
"You have a private key that corresponds to this certificate."  

  I need to install the cert with a private key.   This is a requirement of any single socket layer certificate.   I have been able to do as much, though it is NOT straightforward.
PROBLEM:   When I reboot the server, and I access the site remotely (inward facing server on large network), the dates for the View Certificate in the URL are NOT updating.  I could really use some help.   I've tried everything short of a registry hack.  
Surely someone has had this issue in the past with an SSL cert.  This does not run in the IIS.   It is powered by Apache Tomcat 7.0.
Jon DavidsonDeveloper/Nuclear UtilityAuthor Commented:
Problem solved.   https://www.digicert.com/csr-ssl-installation/apache-openssl.htm

Problem solved.   https://www.digicert.com/csr-ssl-installation/apache-openssl.htm
Who would have known you are required to M-A-N-U-A-L-L-Y edit an httpd.conf file?   Bet I never forget that again!  Cheers!
<VirtualHost 192.168.0.1:443>
    DocumentRoot /var/www/html2
    ServerName www.yourdomain.com
        SSLEngine on
        SSLCertificateFile /path/to/your_domain_name.crt
        SSLCertificateKeyFile /path/to/your_private.key
        SSLCertificateChainFile /path/to/DigiCertCA.crt
    </VirtualHost>

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
ssl cert

From novice to tech pro — start learning today.