SSL certificate is not getting binded with iis https binding on update.

5 replies

Last post Jan 22, 2021 06:35 AM by Brucz

  • SSL certificate is not getting binded with iis https binding on update.

    Jan 20, 2021 10:50 AM|raunak.omar|LINK

    I have installed the Key Vault extension on a VMSS with a Windows Server 2019 custom image.
    On updating the certificate in Key Vault, the extension pulls the updated certificate.
    But my binding with the old certificate in IIS is not getting updated. The weird behavior is that if any client tries to access the site using https://localhost, it is served the updated certificate.

  • Re: SSL certificate is not getting binded with iis https binding on update.

    Jan 20, 2021 05:33 PM|lextm|LINK

    It is the Windows HTTP API that controls which certificate belongs to a binding (https://docs.jexusmanager.com/tutorials/https-binding.html#background), so you should dig further to see what can explain the observed behaviors.

    Lex Li
    Affordable IIS Consulting Services at https://support.lextudio.com/services/consulting.html
    ---------------------------
    This posting is provided "AS IS" with no warranties, and confers no rights.
  • Re: SSL certificate is not getting binded with iis https binding on update.

    Jan 21, 2021 05:35 AM|Brucz|LINK

    Hi raunak.omar,

    Is the certificate you updated in Key Vault added to the server? Does the certificate have a private key?

    Due to the timeframe and some other issues, there may be differences in the list of certificates displayed in IIS, which affects the certificates bound to the site in IIS.

    To solve this problem, you can manually import the certificate into IIS.

    Export the certificate from the certificates.msc console to a certificate.pfx file. Please make sure to export it with a private key and password protect it. Once this is done, you can import the certificate in IIS by using the import option instead of complete certification request. This keeps the certificate in the server certificates console, and you can bind the website to the certificate.

    Best regards,

    Brucz

    .NET forums are moving to a new home on Microsoft Q&A, we encourage you to go to Microsoft Q&A for .NET for posting new questions and get involved today.
  • Re: SSL certificate is not getting binded with iis https binding on update.

    Jan 21, 2021 07:18 AM|raunak.omar|LINK

    Hello Brucz,

    Yes, the certificate I updated in Key Vault is getting added to the server. Yes, the certificate has the private key.

    In the IIS binding the certificate is not getting updated, but when a client makes a request to the server, it is getting the updated certificate.

    I was trying to create an automated pipeline so that if I update my certificate in Key Vault, machines should get automatically and no need for redeployment of machines. So manual steps will not be possible in my case.

    Do you have any other suggestion, or a log location where I can look for more debugging?

  • Re: SSL certificate is not getting binded with iis https binding on update.

    Jan 21, 2021 07:20 AM|raunak.omar|LINK

    I tried checking with the netsh command to know what certificate is bound to 443, but it is the old one.

    Very confusing, then, how clients are able to pick up the updated certificate.
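
An added example, not part of the original thread: a PowerShell check that lists every HTTP.sys SSL binding reported by `netsh http show sslcert` (IP:port and hostname/SNI entries alike) and flags any whose bound certificate is not the most recently issued one with the same subject in the same LocalMachine store. The function names are hypothetical; it assumes English-language netsh output and an elevated session.

```powershell
# Added example (hypothetical function names). Assumes English netsh output
# and an elevated PowerShell session on the IIS host.
function Get-HttpSysSslBinding {
    param([string[]]$NetshOutput = (netsh http show sslcert))
    $current = $null
    foreach ($line in $NetshOutput) {
        if ($line -match '^\s*(IP:port|Hostname:port)\s*:\s*(\S+)') {
            if ($current) { $current }          # emit the previous binding
            $current = [pscustomobject]@{
                Kind = $Matches[1]; Endpoint = $Matches[2]
                Thumbprint = $null; Store = 'My'   # HTTP.sys defaults to My
            }
        }
        elseif ($current -and $line -match '^\s*Certificate Hash\s*:\s*([0-9a-fA-F]+)') {
            $current.Thumbprint = $Matches[1].ToUpper()
        }
        elseif ($current -and $line -match '^\s*Certificate Store Name\s*:\s*(\S+)') {
            if ($Matches[1] -ne '(null)') { $current.Store = $Matches[1] }
        }
    }
    if ($current) { $current }
}

function Test-StaleSslBinding {
    param([Parameter(ValueFromPipeline)]$Binding)
    process {
        $storePath = "Cert:\LocalMachine\$($Binding.Store)"
        $bound = Get-ChildItem $storePath | Where-Object Thumbprint -eq $Binding.Thumbprint
        # Most recently issued certificate with the same subject and a private key.
        $newest = if ($bound) {
            Get-ChildItem $storePath |
                Where-Object { $_.Subject -eq $bound.Subject -and $_.HasPrivateKey } |
                Sort-Object NotBefore -Descending | Select-Object -First 1
        }
        [pscustomobject]@{
            Kind             = $Binding.Kind
            Endpoint         = $Binding.Endpoint
            BoundThumbprint  = $Binding.Thumbprint
            BoundNotAfter    = $bound.NotAfter
            NewestThumbprint = $newest.Thumbprint
            BoundCertMissing = -not $bound
            Stale            = [bool]($newest -and $newest.Thumbprint -ne $Binding.Thumbprint)
        }
    }
}

Get-HttpSysSslBinding | Test-StaleSslBinding | Format-Table -AutoSize
```

A row with `Stale` set to `True` means the store already holds a newer certificate for that subject while HTTP.sys still points at the old thumbprint; more than one row on port 443 means different endpoints can present different certificates.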

  • Re: SSL certificate is not getting binded with iis https binding on update.

    Jan 22, 2021 06:35 AM|Brucz|LINK

    Hi raunak.omar,

    I researched Key Vault and found that it is an extension on Azure, not about IIS.

    raunak.omar

    I tried checking with the netsh command to know what certificate is bound to 443, but it is the old one.

    This shows that the key vault is not fully working and there seems to be a problem with the function.

    I suggest you go to the Azure forum for help.

    Best regards,

    Brucz
