
Question about changing the certificate used by the SSTP VPN on a TMG 2010 server

Hi,

I need to change the certificate used by the SSTP VPN because the one I originally used didn't have a publicly visible CRL, which I've subsequently taken care of. I've read the instructions on how to update the certificate used by SSTP VPN, since changing it seems to be a non-trivial process. I've read the following links:

http://support.microsoft.com/kb/947027

http://kingofbytes.wordpress.com/2014/01/05/nightmare-on-vpn-street-with-tmg-and-sstp-part-1-of-4/

The process seems pretty straightforward. My only concern is that when I run the "netsh http show ssl" command on my TMG 2010/SSTP VPN server I get back this:

SSL Certificate bindings:
 -------------------------

    IP:port                 : 0.0.0.0:443
     Certificate Hash        : aa8903a20156be71f9a7e3047433013574b08c70
     Application ID          : {1d40ebc7-1983-4ac5-82aa-1e17a7ae9a0e}
     Certificate Store Name  : (null)
     Verify Client Certificate Revocation    : Enabled
     Verify Revocation Using Cached Client Certificate Only    : Disabled
     Usage Check    : Enabled
     Revocation Freshness Time : 0
     URL Retrieval Timeout   : 0
     Ctl Identifier          : (null)
     Ctl Store Name          : (null)
     DS Mapper Usage    : Disabled
     Negotiate Client Certificate    : Disabled

    IP:port                 : [::]:443
     Certificate Hash        : aa8903a20156be71f9a7e3047433013574b08c70
     Application ID          : {1d40ebc7-1983-4ac5-82aa-1e17a7ae9a0e}
     Certificate Store Name  : (null)
     Verify Client Certificate Revocation    : Enabled
     Verify Revocation Using Cached Client Certificate Only    : Disabled
     Usage Check    : Enabled
     Revocation Freshness Time : 0
     URL Retrieval Timeout   : 0
     Ctl Identifier          : (null)
     Ctl Store Name          : (null)
     DS Mapper Usage    : Disabled
     Negotiate Client Certificate    : Disabled

What I'm concerned about is that the Application ID reported here is {1d40ebc7-1983-4ac5-82aa-1e17a7ae9a0e}, while the two links say it should be {ba195980-cd49-458b-9e23-c84ee0adcd75}, which is the App ID for the SSTP server. The only thing I can think of is that my SSTP server and certificate are bound to a different IP address than the default HTTP listener. If I look up the aa8903a20156be71f9a7e3047433013574b08c70 hash in the list of certs, it is an old expired machine certificate for the TMG server.

It seems that since this certificate is expired, removing it is OK, but I'm not sure about the other commands that update the SSL certs, like "netsh http add sslcert" for example. Do I have to tell the netsh http commands to use a different IP address?

Thanks

Nick
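The check the question is really asking for, as an added example that is not part of the original post and not Microsoft's procedure: parse the `netsh http show sslcert` output into objects, look each certificate hash up in LocalMachine\My (the store HTTP.sys uses when "Certificate Store Name" is "(null)"), and report for every binding which application ID owns it, whether the certificate is expired, and whether it carries a CRL Distribution Points extension at all. The SSTP application ID is the one quoted in the post from the linked KB article; the function names and the rebind-command builder are this example's own design, and it must be run in an elevated PowerShell on the TMG server.

```powershell
# Added example (not from the original post or from Microsoft): inventory the
# HTTP.sys SSL bindings on a TMG/SSTP server and cross-check each one against
# the LocalMachine\My certificate store. Run elevated on the server itself.
#
# The SSTP application ID below is the one quoted in the post (from KB 947027).
# Everything else (function names, the CDP check, the rebind builder) is assumed.
$SstpAppId = '{ba195980-cd49-458b-9e23-c84ee0adcd75}'

# Parse "netsh http show sslcert" text into one object per IP:port binding.
function Get-HttpSslBinding {
    $bindings = [System.Collections.Generic.List[object]]::new()
    $cur = $null
    foreach ($line in (& netsh http show sslcert)) {
        if ($line -match '^\s*IP:port\s*:\s*(\S+)') {
            if ($cur) { $bindings.Add([pscustomobject]$cur) }
            $cur = [ordered]@{ IpPort = $Matches[1]; Hash = $null; AppId = $null }
        }
        elseif ($cur -and $line -match '^\s*Certificate Hash\s*:\s*([0-9a-fA-F]+)') {
            $cur.Hash = $Matches[1].ToUpper()   # Cert: drive thumbprints are upper-case hex
        }
        elseif ($cur -and $line -match '^\s*Application ID\s*:\s*(\{[0-9a-fA-F-]+\})') {
            $cur.AppId = $Matches[1]
        }
    }
    if ($cur) { $bindings.Add([pscustomobject]$cur) }
    return $bindings
}

# For each binding: which app owns it, which cert it points at, whether that
# cert is expired, and whether the cert has a CRL Distribution Points extension
# (OID 2.5.29.31). A server cert with no reachable CRL is exactly the problem
# the post describes fixing, so HasCdp is the first thing to look at.
function Test-SstpBinding {
    param([string]$ExpectedAppId = $SstpAppId)
    foreach ($b in Get-HttpSslBinding) {
        $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $b.Hash }
        $cdp  = $null
        if ($cert) { $cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' } }
        [pscustomobject]@{
            IpPort      = $b.IpPort
            AppId       = $b.AppId
            IsSstpAppId = ($b.AppId -eq $ExpectedAppId)   # -eq on strings is case-insensitive
            Subject     = if ($cert) { $cert.Subject } else { '(hash not in LocalMachine\My)' }
            NotAfter    = if ($cert) { $cert.NotAfter } else { $null }
            Expired     = if ($cert) { $cert.NotAfter -lt (Get-Date) } else { $null }
            HasCdp      = [bool]$cdp
        }
    }
}

# Build, but do not run, the netsh commands that would move one binding to a
# new certificate. The binding's own IP:port is reused, so the new cert lands
# on the address the listener actually uses rather than a guessed one.
function New-SstpRebindCommand {
    param(
        [Parameter(Mandatory)][string]$IpPort,
        [Parameter(Mandatory)][string]$NewThumbprint,
        [string]$AppId = $SstpAppId
    )
    $thumb = $NewThumbprint -replace '[^0-9a-fA-F]', ''   # strip spaces/colons pasted from certlm
    if (-not (Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $thumb.ToUpper() })) {
        throw "Thumbprint $thumb is not in LocalMachine\My; import the new certificate there first."
    }
    @(
        "netsh http delete sslcert ipport=$IpPort",
        "netsh http add sslcert ipport=$IpPort certhash=$thumb appid=$AppId"
    )
}

Test-SstpBinding | Format-Table -AutoSize
```

Run `Test-SstpBinding` first and read the table: a row whose `IsSstpAppId` is `$false` is a binding owned by some other HTTP.sys consumer, and `Expired` or `HasCdp = $false` on a row flags a certificate that SSTP clients will not accept. Only once you know which `IpPort` the SSTP binding really sits on should you feed that value and the new thumbprint to `New-SstpRebindCommand`, review the two lines it prints, and paste them in by hand.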

