Wrong certificate being used when using different browsers

alexhen

New Member
Joined
Jan 24, 2023
Hello,
I am using Windows Server 2019 with IIS and active websites. For some reason, when I enter a website that exists in our IIS over HTTPS with a valid R3 certificate from our server, it loads an expired certificate (I have tried Chrome, Edge and Mozilla to test this). I entered my certificate manager using MMC and I can't find this certificate anywhere on the server (and the updated certificate is chosen in the binding options). I reinstalled all the browsers, and I even removed the new certificate that was granted to the website and created a new one, but still the same error. This problem occurs only on the server and not on any other computer. What could be the problem?
Thank you in advance
 
My guess is there is a mismatch between the store selected in IIS and the MMC cert store. Make sure you are in the 'local computer' context in MMC and not current user. IIS uses computer certs.
 
I checked the "local computer" certificates and "current user" certificates and I did not find any certificate that matches the certificate that is used by the browsers; that's what makes me so confused.
 
Look in IIS > Certificates and see what cert store is in use. It doesn't have to be personal.
 
All the certificates are up to date and the proper one is bound to the website
Server Cert.PNG


And this is the certificate that is bound to the site
IIS binding.PNG
 
I found the problem. I have two servers (one production and the second a hot standby). When I entered the website, the request went to the standby server, where the certificate was old (only renewed in case of a crash), and not to the server itself. I just shut down the IIS service on the standby.
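
The check that would have exposed this mismatch, as an added example that is not part of the original thread: connect to each node by IP while sending the site name in SNI, and compare the certificates actually served. The host name, the node addresses and the function name `Get-ServedCertificate` are placeholders chosen for illustration.

```powershell
# Added example (not from the thread). Placeholder values, replace with your own.
$HostName = 'www.example.com'            # site name as typed in the browser
$Nodes    = '192.0.2.10', '192.0.2.11'   # production and standby addresses

function Get-ServedCertificate {
    param(
        [Parameter(Mandatory)][string]$HostName,  # sent as SNI so IIS picks the site binding
        [Parameter(Mandatory)][string]$Address,   # node to connect to, bypassing DNS
        [int]$Port = 443
    )
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        $client.Connect($Address, $Port)
        # Accept every certificate: the goal is to inspect what is served, not to trust it.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $acceptAll)
        try {
            $ssl.AuthenticateAsClient($HostName)
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
            [pscustomobject]@{
                Address    = $Address
                Subject    = $cert.Subject
                Issuer     = $cert.Issuer
                NotAfter   = $cert.NotAfter
                Expired    = $cert.NotAfter -lt (Get-Date)
                Thumbprint = $cert.Thumbprint
            }
        } finally { $ssl.Dispose() }
    } finally { $client.Close() }
}

# Addresses the name resolves to from the machine running the script.
$resolved = [System.Net.Dns]::GetHostAddresses($HostName) | ForEach-Object IPAddressToString
"$HostName resolves here to: $($resolved -join ', ')"

$results = foreach ($node in $Nodes) {
    try   { Get-ServedCertificate -HostName $HostName -Address $node }
    catch { Write-Warning "$node : $($_.Exception.Message)" }
}
$results | Format-Table -AutoSize

# Different thumbprints mean the nodes are not serving the same certificate.
if (@($results.Thumbprint | Select-Object -Unique).Count -gt 1) {
    Write-Warning "Nodes serve different certificates for $HostName"
}
$results | Where-Object Expired | ForEach-Object {
    Write-Warning "$($_.Address) serves a certificate that expired on $($_.NotAfter)"
}
```

The `Thumbprint` column can be compared with the "Certificate Hash" value that `netsh http show sslcert` reports on each node.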
 
You may be experiencing an issue with Windows Server 2019 and IIS for a number of reasons. A cached copy of the SSL certificate that is the problem could be one of the typical reasons. To increase performance, browsers save SSL certificates in the cache, and occasionally the old or expired certificate may be loaded in place of the new one. This problem could be resolved by deleting the cache from the browser.

A certificate chain issue can be another factor. Make sure that the root certificate is trusted and that the intermediate certificate is installed appropriately. It's crucial to confirm that IIS is using the right certificate. Make sure that the appropriate certificate is chosen in the IIS bindings.

Another possibility is that the server's time and date may be incorrect, which could affect SSL certificates because they include expiration times and dates. Verify the time and date on the server to make sure they are accurate.

Determine whether the firewall or antivirus program is preventing SSL connections. Disable the firewall and antivirus software for a while to see if that fixes the problem. If none of the aforementioned steps works, it is advised to seek extra help from a knowledgeable IT specialist.
 
The old certificate may be cached somewhere on the server or on the client's computers. Here are a few things you can try:

Go to your web browser's settings and clear the cache, cookies, and history. Then try to access the website again.

To clear the SSL cache on your server, type "netsh http show sslcert". Using this command, you will find out which SSL bindings are in use on the server. Locate the binding for the website in question and note its "Certificate Hash" and "Application ID". Use the following command to delete the cached SSL certificate. Then type "netsh http delete sslcert ipport=0.0.0.0:443 certhash=<certificate hash> appid=<application ID>". This will delete the cached SSL certificate for the website. Then try to access the website again.

Check for other software that may be intercepting SSL traffic:
In some cases, antivirus software or other security software may intercept SSL traffic and replace the SSL certificate with their own. Try disabling such software temporarily to see if that resolves the problem.

Check if the system date and time are correct:
There is an expiration date and time on SSL certificates. If the system date and time are incorrect, SSL errors may occur.

If none of these steps work, you may need to consult with a Windows server expert for further solutions.
 