集中式证书和IIS10 – 在轮换时仍然使用旧证书

huangapple go评论56阅读模式
英文:

Centralized Certificates and IIS10 - Still using old cert on rollover

问题

每年我们都会重新发布我们的SSL证书,最近我们刚刚开始在IIS中使用集中式证书。

我们将我们的证书导出到了集中式证书存储中,一切都看起来被识别并且合适。

我们从集中式存储中删除了即将过期的旧证书。

然而,当在Chrome中检查证书时,似乎仍然提供了旧证书,并且没有直接指定服务使用哪个集中式证书的方法:

请注意,无需选择特定的相应证书来使用。通过使用命名契约,相应的证书会自动选择。在这个例子中,IIS尝试从集中式SSL证书文件共享中读取centralcert0.pfx。

也许当旧证书过期时,它会切换到新证书...但我们想测试新发布的证书,并确保它正常工作。

如何取消缓存证书或指定服务应该使用哪个证书?

英文:

Every year we reissue our SSL Certificate and we just recently started using Centralized Certificates in IIS.

We exported our Certificate into the Centralized Certificate store and everything looks recognized and appropriate.

We removed the older cert, that will be expiring soon from the Centralized store.

However, it looks like the old cert is still being served up when checking the certificate in chrome and there is no way to directly specify which Centralized Certificate your service is using:

> Note that there is no need to select a specific corresponding
> certificate to be used. Through the use of the naming contract, the
> corresponding certificate is selected automatically. In this example,
> IIS tries to read centralcert0.pfx from the central SSL certificate
> file share.

Maybe when the old cert expires it will rollover to the new cert...but we'd like to test the newly issued certificate and ensure it is working properly.

How do you uncache the certificate or specify which cert a service should use?

答案1

得分: 1

你可以尝试在IIS中手动指定一个新的证书:

  1. 打开IIS管理器,展开Web服务器,展开站点
  2. 右键单击“默认网站”或相关网站,然后单击“编辑绑定...”
  3. 接下来,在绑定列表中选择端口443,或者任何其他使用SSL的端口
  4. 单击SSL证书下拉菜单,选择所需的证书(你可以单击“查看”来验证证书的属性是否符合你的期望)
英文:

You can try to manually specify a new certificate in IIS:

  1. Open IIS Manager, expand the web server, expand sites
  2. Right click Default Website or the website in question and click "Edit Bindings…"
  3. Next select port 443 in the bindings list, or any other ports using SSL
  4. Click the SSL certificate dropdown to select the desired certificate (you can click View to verify the properties of the cert are what you expect)

huangapple
  • 本文由 发表于 2023年8月4日 00:53:21
  • 转载请务必保留本文链接:https://go.coder-hub.com/76830141.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定