Due to SHA1 deprecation, we have ordered SHA256 replacement certificates for Exchange 2010 OWA and SharePoint.
We successfully installed the certificates and when we look at the certificate through the browser, everything looks fine.
However, SSLLABS.com says an "additional" SHA1 intermediate is still available and may cause browser warnings.
I tried to uninstall it from the MMC, but when I did it broke the certificate chain and I had to reinstall it.
What are the correct steps to remove the old SHA1 Intermediate and make sure the SHA256 intermediate is still properly applied on IIS for Server 2008 and 2008 R2?