Force SSL Cert Renewal?

Question

We updated our SSL cert to a domain level wild card cert. We launched our new site today with that cert installed. It's MVC4 on IIS in Azure.

We have some users, mostly on IE as far as I can tell, that have the old cert cached. This makes it so they can't stay logged in. Their browser is rejecting the .NET auth cookie.

We have them clear their SSL state via the instructions in this link. That corrects the problem for them.

My question is, is there a way to force browsers to grab our new cert?

Edit

We added

    var agt = navigator.userAgent.toLowerCase();
    if (agt.indexOf("msie") !== -1) {
        document.execCommand("ClearAuthenticationCache", "false");
    }
        //window.crypto is defined in Chrome, but it has no logout function
    else if (window.crypto && typeof window.crypto.logout === "function") {
        window.crypto.logout();
    }

To the login page at www.trainerroad.com/login. That code is firing, but it is not helping.

Edit 2
I'm now changing the above code to remove the "false".

document.execCommand("ClearAuthenticationCache");

I'm publishing that now. I can't reproduce the issue so I have to wait for someone with the problem to try it and tell me how it goes.

Does this help: http://stackoverflow.com/questions/31326/is-there-a-browser-equivalent-to-ies-clearauthenticationcache - see this answer: http://stackoverflow.com/a/9443989/419 — Kev, Sep 17 '13 at 01:07
Not a direct solution, but you could redirect logins to a "www2..." URL (or anything different from what you have now but still under your wildcard domain cert) - do that for a while in order to break the cache. A rather ugly and possibly error-prone approach, but would work. — Brad Peabody, Oct 02 '13 at 20:40
An article that details additional items to check in the browser to see if a certificate is expired http://blogs.msdn.com/b/ieinternals/archive/2011/04/07/enabling-certificate-revocation-check-failure-warnings-in-internet-explorer.aspx — Mike Beeler, Oct 03 '13 at 16:13

score 0 · Answer 1 · answered Oct 03 '13 at 15:42

0

I'm sorry to post this as an answer, I'm not able to comment yet. This article talks about a similar issue and may be helpful to you: Please check here

Hope this helps,

Chris

answered Oct 03 '13 at 15:42

campagnolo_1

2,710
1
17
25

I know your account is too new to comment, but you could have spent 10 minutes researching a little more and at least suggested a possible solution instead of simply linking to another page. – Brenden Oct 03 '13 at 16:12
1

Brenden, the link does provide a solution. I read the whole exchange and the issue got resolved for the user. Since it's not exactly the same scenario I only posted this as a suggestion. I would have done that as a comment, alas I'm not yet able to do so. And trust me, I spent more than 10 minutes researching. – campagnolo_1 Oct 03 '13 at 16:45
I understand, but it would be more helpful to add some details about what the link suggests as a solution. See http://stackoverflow.com/help/how-to-answer under "Provide context for links" – Brenden Oct 09 '13 at 20:47

Force SSL Cert Renewal?

1 Answers1