Many applications are using http.sys or similar to terminate http traffic on windows. Examples for this applications are Microsoft Exchange, Windows Admin Center, IIS, Remotedesktopgateway and so on. When doing this, tls certificates can be managed using netsh http.
Most applications offer comprehensive ways to replace a certificate. In case it's not accessible easy, you can directly replace the binding on the command line.
To get a list of currently known HTTP TLS bindings, use netsh http show sslcert.
In order to change a certificate you remove the old binding and add a new one.
Before replacing the certificate, we need to retrieve the thumbprint of the new certificate. Using powershell that's really easy.
Nest step is to replace the certificate
(When doing this on powershell, be sure to put the appid parameter in quotes, otherwise the brackets will cause an issue parsing the command)