For installation of a certificate I needed to install the root and intermediate certificates as well. This was recognized (after IIS reset) by Firefox and IIS at once, but not by IE, Opera or Network4All. After a physical restart it was recognized by all.
My question is: how can I install the root and intermediate certificates without restarting the entire server? (and, of less importance, come that Firefox recognized this at once, but others didn't)?
I think you are seeing Firefox work because firefox most likely already had copies of the root and intermediate installed in its own stores, (which I have mixed feelings about). It seems like browsers are frequently importing intermediate certificates as well as roots into their own keystores now. That's one reason why I use cURL and the CA-provided certificate validation tool to verify the installation whenever I replace a cert.
I've had the problems with IIS you are describing if I installed the cert prior to installing the Intermediate cert but never had issues if the intermediate certs were imported prior to importing the server cert. Unfortunately, depending upon the CA, one does not always realize that the intermediate cert has been replaced until server cert verification is being performed.
I spent one day trying to configure the right certificate chain on a windows 2008 R2 server and I realized after several hours that in my case the only IIS restart didn't work.
The right solution was to import the right certificates using MMC snap in the Root certificate authority and in the Intermediate certification authority, restart the web server and the certificate chain started to work.
This on IIS 7.5 Windows 2008 R2.
Root certificate installation on Windows should never require a restart. Something else is going on here.
Worst-case, a logoff/logon should have worked - the apps you're describing all look like they're client/user-space apps, and terminating the process and restarting it is likely enough.