We recently switched our SSL certificates on our web hosting environment and the old certificates are still showing up on certain computers with IE installed. It works perfectly fine in both Firefox and Chrome.

On the computers that are having errors, IE is looking at the old SSL cert at *.website1.org instead of the new SSL cert at *.website2.org, thus causing security errors. We've cleared the SSL state in the internet options, removed all cookies/temp files/history/etc., made sure the time on the computer is correct, and done just about everything we can think of to try and get these computers to view the new certificate.

That all being said, SSL Checker is looking at the old certificate as well, so that's not good obviously.

http://www.sslshopper.com/ssl-checker.html


Solution 1:

I'd wager that it's not caching, it's Server Name Indication.

Systems supporting SNI are getting the cert from the VirtualHost, while systems that do not (likely including that SSL Checker) are getting the first certificate to load on that port - which is not this one.

Scour your config for something else loading the old certificate (it's loading before the VirtualHost that you have there). Oh, and do a full restart on the Apache process (not a reload) after changing it.
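The check described in Solution 1, as an added example that is not part of the original answer: it parses an Apache config and reports which certificate a client without SNI receives (the first VirtualHost loaded on the port) versus a client that sends a server name. The sample config, hostnames and file paths are constructed for illustration, and the selection logic is a simplified model that ignores Include ordering and server-scope directives.

```python
import re
from fnmatch import fnmatch

# Constructed sample config (hypothetical names and paths), in load order.
SAMPLE_CONF = """
<VirtualHost *:443>
    ServerName legacy.website1.org
    SSLCertificateFile /etc/ssl/old-wildcard.website1.org.crt
</VirtualHost>
<VirtualHost *:443>
    ServerName www.website2.org
    ServerAlias *.website2.org
    SSLCertificateFile /etc/ssl/new-wildcard.website2.org.crt
</VirtualHost>
"""

def parse_vhosts(conf_text):
    """Return <VirtualHost> blocks, in load order, as dicts."""
    vhosts, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = {"listen": opened.group(1).split(), "names": [], "cert": None}
        elif current is not None and line.lower().startswith("</virtualhost"):
            vhosts.append(current)
            current = None
        elif current is not None:
            key, *args = line.split()
            if key.lower() in ("servername", "serveralias"):
                current["names"] += [a.lower() for a in args]
            elif key.lower() == "sslcertificatefile" and args:
                current["cert"] = args[0]
    return vhosts

def cert_for(vhosts, listen, sni_name=None):
    """Simplified model: SNI name match wins, otherwise the first vhost loaded."""
    candidates = [v for v in vhosts if listen in v["listen"]]
    if sni_name:
        for v in candidates:
            if any(fnmatch(sni_name.lower(), n) for n in v["names"]):
                return v["cert"]
    return candidates[0]["cert"] if candidates else None

if __name__ == "__main__":
    vhosts = parse_vhosts(SAMPLE_CONF)
    print("no SNI  :", cert_for(vhosts, "*:443"))
    print("with SNI:", cert_for(vhosts, "*:443", "www.website2.org"))
```

Against a live server, the same comparison can be made with `openssl s_client -connect host:443 -servername name` versus `openssl s_client -connect host:443 -noservername`.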