Keyfactor · doebrowsk · Jul 8, 2025 · Jul 8, 2025 · Jul 8, 2025 · Jul 8, 2025
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,9 @@
+2.6.3
+* Fixed reenrollment job when RDN Components contained escaped commas
+* Updated renewal job for IIS Certs to delete the old cert if not bound or used by other web sites.
+* Improved Inventory reporting of CSP when cert uses newer CNG Keys
+* Fixed an issue with complex PFX passwords that contained special characters such as '@' or '$', etc.
+
 2.6.2
 * Fixed error when attempting to connect to remote computer using UO service account
 * Fixed error when connecting to remote computer using HTTPS; was defaulting to HTTP

diff --git a/IISU/ImplementedStoreTypes/WinIIS/Inventory.cs b/IISU/ImplementedStoreTypes/WinIIS/Inventory.cs
@@ -95,7 +95,7 @@ public JobResult ProcessJob(InventoryJobConfiguration jobConfiguration, SubmitIn
                     {
                         Result = OrchestratorJobStatusJobResult.Success,
                         JobHistoryId = jobConfiguration.JobHistoryId,
-                        FailureMessage = ""
+                        FailureMessage = $"Inventory completed returning {inventoryItems.Count} Items."
                     };
                 }
 

diff --git a/IISU/ImplementedStoreTypes/WinIIS/Management.cs b/IISU/ImplementedStoreTypes/WinIIS/Management.cs
@@ -16,6 +16,7 @@
 using System;
 using System.Collections.Generic;
 using System.Collections.ObjectModel;
+using System.Linq;
 using System.Management.Automation;
 using Keyfactor.Extensions.Orchestrator.WindowsCertStore.Models;
 using Keyfactor.Logging;
@@ -89,6 +90,7 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
                 string protocol = jobProperties?.WinRmProtocol;
                 string port = jobProperties?.WinRmPort;
                 bool includePortInSPN = (bool)jobProperties?.SpnPortFlag;
+                string alias = config.JobCertificate.Alias.Split(':').FirstOrDefault() ?? string.Empty;  // Thumbprint is first part of the alias
 
                 _psHelper = new(protocol, port, includePortInSPN, _clientMachineName, serverUserName, serverPassword);
 
@@ -171,6 +173,14 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
                                             psResult = OrchestratorJobStatusJobResult.Unknown;
                                         }
 
+                                        // Only is the binding returns successful, check of original cert is still bound to any site, if not remove it from the store
+                                        if (psResult == OrchestratorJobStatusJobResult.Success && !string.IsNullOrEmpty(alias))
+                                        {
+                                            _logger.LogTrace("Attempting to remove original certificate from store if it is no longer bound to any site.");
+                                            RemoveIISCertificate(alias);
+                                            _logger.LogTrace("Returned from removing cert if not used.");
+                                        }
+
                                         complete = new JobResult
                                         {
                                             Result = psResult,