Recently one of out client requested to configure remote app publishing through windows 2012 server. After configuring all remote app setting it failed because of certificate error as Remote app requires a valid trusted certificate to be installed so that the clients can open the applications from their desktop icon.  We went ahead and generated a self signed certificate on the remote app server and assigned it correctly on the required sites in IIS by editing the binding settings. Refer the screen shot below

edit-the-website-binding-ssl-certificate-in-iis

edit-the-website-binding-ssl-certificate-in-iis

However despite of these changes the server kept presenting the old server certificate and hence the remote app wasn’t able to connect. I even deleted the old server certificate from the server and rebooted the server but still it kept presenting the old certificate. I researched further and found the following commands to check the installed certificates on the server and delete them as needed.

Following command (ran from command prompt) display the certificates installed on a server.

Netsh Http Show Sslcert

 

netsh-http-show-sslcert-command-showing-vaious-certificate-binded-on-the-server

netsh-http-show-sslcert-command-showing-vaious-certificate-binded-on-the-server

As we can see in the screenshot above, this command did reveal that the old certificate (which I had already deleted from the server) was still present on the server. The old and new certificates can be identified from the certificate hash value.

 

I used the following command to delete the non required stale certificate from the server

Following command (ran from command prompt) deleted the required certificate from the server.

Netsh delete Sslcert Ipport=[::]:443 (please replace IP Port value with your required value

netsh-http-delete-ssl-cert-command-used-to-delete-the-certificate-from-server

netsh-http-delete-ssl-cert-command-used-to-delete-the-certificate-from-server

After this SSL certificate was deleted we ran the following command again and validated that its showing only correct certificate now.

netsh-http-show-sslcert-command-showing-the-new-certificate-only-for-http-binding

netsh-http-show-sslcert-command-showing-the-new-certificate-only-for-http-binding

Validated our Remote App publishing was working fine now.

 

Do let us know if you have more information or quicker solution about this issue,  we also appreciate your comments and experience you shared with this issue and the work around you followed.

If we were able to help you even a bit with this information then please share this article on Google, FB or Twitter to spread awareness and save headaches.

The following two tabs change content below.
An automobile enthusiast at heart and computer geek by profession, started my Career with MS in 2005.Left Jobs and started Pledge Technologies (the parent company to Grishbi) back in 2009.We have been providing IT consulting to various Small and Medium businesses across US and UK since then.Our company specialises in Microsoft Server technologies like AD, Exchange, the rest and with numerous Office 365 migrations under our belt, we quite an expert with that too. Whatever we learn in our day to day life, we share it back on Grishbi as a Thank for all the love and support our customers have given us.
%d bloggers like this: