Although this has never been a problem before, our PCI scanning provider is now throwing the toys out if it finds some old certificates, the fact the correct current one is showing when the user comes in via the domain name notwithstanding.
I deleted the one they failed on first, so it picked on another that I also deleted. Now it's picking on the original self-signed cert that was created with IIS.
This creates a new problem - when I installed the last certificate I selected 'Web Hosting' as the certificate store instead of 'Personal.'
When updating apps, Management Service is used, and I have been able to just use the drop-down from Management Service and point it to the latest certificate. This time it's now showing in the list, that I have put down to using the wrong certificate store - so I am using the self-signed certificate for that purpose. If I delete that then I guess I will have an issue with updating apps.
Any suggestions would be appreciated :-)
==================== UPDATE ================================
The PCI scan was failing on port 8127. When I changed the certificate binding for Management Service to the self-signed certificate it failed on that one instead.
I ordered and installed another certificate and saved it to the personal certificate store, then bound that to Management Service (now I can update apps without a cert warning) and when I ran NETSH HTTP SHOW SSLCERT it showed the new certificate bound to port 8127.
Running another scan now.
=================== FURTHER UPDATE ===================
It passed the scan, and it just dawned on me why it wasn't picked up before - because usually Management Service is turned off!! This is what happens when certificates are an accident that happens every couple of years :-)
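
The NETSH HTTP SHOW SSLCERT check from the update can be extended to every HTTP.sys binding on the server, so a self-signed or expired certificate on a secondary port (such as the Management Service port in this post) is found before the scanner finds it. This is an added example, not part of the original post; the function name Get-SslBindingAudit is hypothetical, and it assumes English-language netsh output, an elevated PowerShell session, and that "Subject equals Issuer" is an adequate test for self-signed.

```powershell
# Added example: list each HTTP.sys TLS binding with the certificate behind it.
function Get-SslBindingAudit {
    param(
        # Raw lines of 'netsh http show sslcert'; pass a saved capture to run offline.
        [string[]]$NetshOutput = (netsh http show sslcert)
    )
    $bindings = New-Object 'System.Collections.Generic.List[object]'
    $current  = $null
    foreach ($line in $NetshOutput) {
        if ($line -match '^\s*(IP:port|Hostname:port)\s*:\s*(\S+)') {
            # A new binding starts here; the store defaults to MY (Personal).
            $current = @{ Endpoint = $Matches[2]; Thumbprint = ''; Store = 'My' }
            $bindings.Add($current)
        }
        elseif ($current -and $line -match '^\s*Certificate Hash\s*:\s*([0-9a-fA-F]+)') {
            $current.Thumbprint = $Matches[1].ToUpper()
        }
        elseif ($current -and $line -match '^\s*Certificate Store Name\s*:\s*(\S+)') {
            # netsh prints (null) when the binding uses the default store.
            if ($Matches[1] -ne '(null)') { $current.Store = $Matches[1] }
        }
    }
    foreach ($b in $bindings) {
        # Look the thumbprint up in the store the binding actually names.
        $path = 'Cert:\LocalMachine\{0}\{1}' -f $b.Store, $b.Thumbprint
        $cert = Get-Item -Path $path -ErrorAction SilentlyContinue
        $flags = @()
        if (-not $cert) {
            $flags += 'CertNotFoundInStore'
        }
        else {
            # Heuristic: a self-signed certificate is its own issuer.
            if ($cert.Subject -eq $cert.Issuer) { $flags += 'SelfSigned' }
            if ($cert.NotAfter -lt (Get-Date))  { $flags += 'Expired' }
        }
        [pscustomobject]@{
            Endpoint   = $b.Endpoint
            Store      = $b.Store
            Thumbprint = $b.Thumbprint
            Subject    = $cert.Subject
            NotAfter   = $cert.NotAfter
            Flags      = $flags -join ','
        }
    }
}

Get-SslBindingAudit | Format-Table -AutoSize
```

A binding only answers while its service is running, so run the audit with Management Service started as well as stopped when comparing against scan results.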