Old SSL Certificate Cached on IE
We recently switched our SSL certificates on our web hosting environment and the old certificates are still showing up on certain computers with IE installed. It works perfectly fine in both Firefox and Chrome.
On the computers that are having errors, IE is looking at the old SSL cert at *.website1.org instead of the new SSL cert at *.website2.org, thus causing security errors. We've cleared the SSL state in the internet options, removed all cookies/temp files/history/etc.., made sure the time on the computer is correct, and done just about everything we can think of to try and get these computers to view the new certificate.
That all being said, SSL Checker is looking at the old certificate as well, so that's not good obviously.
http://www.sslshopper.com/ssl-checker.html
Solution 1:
I'd wager that it's not caching, it's Server Name Indication.
Systems supporting SNI are getting the cert from the VirtualHost
, while systems that do not (likely including that SSL Checker) are getting the first certificate to load on that port - which is not this one.
Scour your config for something else loading the old certificate (it's loading before the VirtualHost
that you have there). Oh, and do a full restart on the apache process (not a reload) after changing it.