Home / server / Questions / 846819
In Process
Simon
Asked: 2017-04-27 22:06:30 +0800 CST

IIS Centralized Certificate Store not using certificate when loading in browser

  • 772

I have done the following:

  • Installed the Centralized Certificate Store feature
  • Created a network share and set the passwords
  • Created example.com.pfx and www.example.com.pfx files in the share
  • Verifed that my certificates are listed in IIS under Centralized Certificates
  • Selected Require Server Naem Indication and Use Centralized Certificate store for my domain and created a site binding for the correct IP address and hostname example.com
  • Stopped all websites except the one I'm working on.

My browser does not pick up the certificate!

It picks up the machine certificate.

iis

1 Answers

  1. You must ensure that Require Server Name Indication is enabled for ALL https site bindings on all sites. You have to globally use SNI or the centralized store gets confused.

    It doesn't matter:

    • If they are in websites that are disabled
    • If they are NOT using the centralized store themselves.
    • If they are using the machine certificate or another one

    enter image description here

    TIP: I think I finally figured out WHY this is happening to me.

    If you like to hit Tab, Space, Tab, Space to select checkboxes you need to SLOW DOWN. There's a strange bug somewhere and if you do Tab, Space, Tab too quickly it won't actually select the checkbox. So I think I was just zooming through many site bindings and some of them got skipped.

    • 0