The SSL certificate for one of our sites expired and I've been given the task of renewing it despite not being a server admin of any sort. I've completed the certificate request and added it to the server certificates. Then, I assigned this new certificate to the https bindings for the site in question.
When I view the certificate, it shows an expiration of 2020 from Entrust provider with sha256 hash and sha1 thumbprint.
If I am on our company's network and visit the site, I can see the new certificate being served correctly. However, any user outside of this network, including if I disconnect, will get a "Certificate not trusted" error. Upon inspection of the certificate now being served, it shows the old SHA1 hash expired certificate.
I've checked the certlog using DigiCertUtil and verified there are no SSL hashes that correspond to existing, valid certificates. There are also no other HTTPS bindings associated with this site. What am I missing here?