UserAgent: Mozilla/5.0 (X11; CrOS x86_64 8350.68.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36
Platform: Platform 8350.68.0 (Official Build) stable-channel glimmer

Steps to reproduce the problem:
1. Go into Admin console and open the Network section in Device manager.  Go to Certificates.  
2. Delete the certificate for the old filter server
3. Create a new certificate from the new server (that has the same name as the old server was) and push it out to all chromebooks

What is the expected behavior?
To have the certificates updated on the chromebooks.  For them to check for a new cert (whether by timestamp of cert or by any other change)

What went wrong?
Nothing happened.  The old cert is still listed on the chromebook, but now says untrusted.  As this is a HTTPS authority cert, this keeps them from getting to Google.com and gmail.  I have to manually delete the cert from the chromebook, restart to have it pull down the correct one or I have to delete the profile on the chromebook to have it pull the correct certs.  Both mean interacting with the individual chromebook and not being able to manage the 9,000 plus chromebooks centrally.

Did this work before? N/A 

Chrome version: 52.0.2743.116  Channel: stable
OS Version: 8350.68.0
Flash Version: Shockwave Flash 22.0 r0

This would be very helpful to implement as there are some servers that tie the cert name into the server name and we can't change the cert name.  It would be nice if it could tell by the timestamp of the cert whether there was a new version of the cert to download and update.