Can't get a bad Certificate out of the system & browsers

[Mr. Black]

Hello Gentlemen,

 

I am running into an issue where all the browsers, and the system itself, have an incorrect certificate for my site
(https://www.thejuicegrinder.com), with Chrome reporting ERR_CERT_COMMON_NAME_INVALID because it has a certificate stored for my mail servers for some reason when I enter the URL.

It has the bad certificate somewhere in the system, because if I try to access it programatically via vb.net I get a SSL error too.
 

I have cleared the cache in Chrome, Edge, etc. I have cleared SSL state, etc. etc. etc.
All the stuff that Googling suggests, I have done.

Of course, going to the site on other machines or a VM there is no problem.

 

Does anyone have any suggestions? I'm stumped.

[ITOps]

You need to get a new certificate or a wildcard certificate that uses the right common name, if you did you may just need to replace the certificate being served for the domain server side with the proper one as it is probably sharing the mail certificate by default.  Or if you do have a certificate that does have the proper common name you need to insure it is tied to be served from that domain.  As it is showing as invalid for other machines too:

 

https://www.sslshopper.com/ssl-checker.html#hostname=https://www.thejuicegrinder.com

 

Certificate Issues:

https://www.ssllabs.com/ssltest/analyze.html?d=www.thejuicegrinder.com&s=23.254.129.10&latest

 

Or you may need to 

[xendrome]

It's prob in here somewhere - https://docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/how-to-view-certificates-with-the-mmc-snap-in

[Mr. Black]

ITops;

 

TL;DR first reply.

That's what I cannot figure out - the certificate is properly installed in IIS, I have no idea why there is an issue.

You see that, but LOL, it works fine on other machines?

 

Your first link shows an issue, then the 2nd one says it's fine.

I'm totally confused - the cert people said it was fine, that shows it isn't, it don't work on my machine but does on others.

Edited April 29, 2018 by Mr. Black

[ITOps]

For the site that SSL is binded to the IP of the site and the mail cert binded to the to others?  If so restart IIS and do a fresh openssl cert test from your host to see what is going on.

 

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc732443(v=ws.11)

 

In a worst case scenerio remove all the certificates and re-add them after restarting IIS.  More then likely something could be binded to it in memory.  If that doesn't work restart the physical server (Windows Fix).

[xendrome]

IS the date/time/year correct on your workstation?

[Mr. Black]

I'm not sure where the issue arose, but I changed IIS to "Use All Unassigned" and the issue stopped.
I also added Use Server Name Identification.
 

Was working fine before, so...
Doesn't matter, I'm transferring servers and will have enough IP's for them to truly be dedicated to one purpose (i.e. current is shared)