Friday, May 16, 2014

SSL certificate replaced, but site delivers old one still?

So I encountered this scenario where the SSL certificate was replaced, but the site, hosted on IIS 8, is still serving the old one. You keep checking IIS Manager and it is already set to the correct SSL certificate, yet you are still presented with the old certificate when browsing the site. How do you solve it?

It turns out that IIS 8 may have kept another SSL record in its own metabase. You need to reset this so that the SSL certificate you've added can take over.

First things first, get the thumbprint of your SSL certificate. You can find it by double-clicking the certificate in the MMC (Certificates snap-in), then browsing its properties and looking up the Thumbprint field, similar to the one shown below:

Then run this command on your server:

Now look at the list of SSL certificates and check whether the entry for your site's IP and port number has a thumbprint different from that of the correct SSL certificate. If it does, then most likely IIS is serving the incorrect certificate.

You can delete this on your server by using the command:

Make sure to specify the correct ipport value, which should match the IP:port value shown in the list earlier.

When done, restart IIS and then re-assign the SSL certificate to your site.

Afterwards, browse to the site and you will see that it is serving the correct SSL certificate.
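The commands from the original post are not preserved on this page. The script below is an added example, not the author's own code, that performs the same check using `netsh http show sslcert` and `netsh http delete sslcert`; it assumes an elevated prompt and English-language netsh output, and it only deletes when you pass `-DeleteStale`.

```powershell
# Added example. Assumes an elevated prompt and English-language netsh output.
param(
    [Parameter(Mandatory)] [string] $IpPort,              # e.g. 0.0.0.0:443, as listed by netsh
    [Parameter(Mandatory)] [string] $ExpectedThumbprint,  # thumbprint of the NEW certificate
    [switch] $DeleteStale                                  # without this switch, report only
)

# A thumbprint copied from the certificate dialog can carry spaces or an
# invisible leading character, so keep only the hex digits before comparing.
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($expected.Length -ne 40) { throw 'Expected a 40-hex-digit SHA-1 thumbprint.' }

# Parse "IP:port" / "Certificate Hash" pairs out of the binding list.
$bindings = @{}
$endpoint = $null
foreach ($line in (netsh http show sslcert)) {
    if ($line -match '^\s*IP:port\s*:\s*(\S+)\s*$') {
        $endpoint = $Matches[1]
    }
    elseif ($endpoint -and $line -match '^\s*Certificate Hash\s*:\s*([0-9A-Fa-f]+)\s*$') {
        $bindings[$endpoint] = $Matches[1].ToUpperInvariant()
        $endpoint = $null
    }
}

if (-not $bindings.ContainsKey($IpPort)) {
    Write-Output "No binding listed for $IpPort. Listed bindings: $($bindings.Keys -join ', ')"
    return
}

$served = $bindings[$IpPort]
if ($served -eq $expected) {
    Write-Output "$IpPort already points at the expected certificate ($served)."
    return
}

Write-Output "$IpPort is bound to $served, expected $expected."
if ($DeleteStale) {
    # Removes only this one binding; other sites and ports are left alone.
    netsh http delete sslcert "ipport=$IpPort"
    Write-Output 'Binding deleted. Restart IIS and re-assign the certificate to the site.'
} else {
    Write-Output "Report only. To remove it: netsh http delete sslcert ipport=$IpPort"
}
```

Run it first without `-DeleteStale` to confirm the mismatch, since other sites on the same server may legitimately use different certificates on other IP:port entries.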

Please leave comments if this helped you.

1 comment:

  1. Great, thanks. Helped me so much. I'm always looking for blogs like yours to help me solve this tech stuff. So glad the internet lives.