 

How to force browser to fetch new SSL certificate instead of old one using server side configuration (Nginx)?

We have a website with SSL configured. Two days ago the SSL certificate expired, so I purchased a new one instead of renewing it. I have configured the new one. Now some users are still getting an "SSL certificate expired" error although the new one is configured.

I want to force the browser to recheck the new SSL certificate using some server-side configuration, since we cannot go and update each user's browser certificate manually. It has to be done using some server-side configuration. We are using Nginx.

This is really critical to us.

Please help in this regard.

Thanks!

pankaj asked Jan 13 '19 06:01


People also ask

Why doesn’t Nginx offer SSL certificates for my website?

The SSL connection is established before the browser sends an HTTP request and nginx does not know the name of the requested server. Therefore, it may only offer the default server’s certificate. The oldest and most robust method to resolve the issue is to assign a separate IP address for every HTTPS server:



1 Answer

The certificate is validated by the client only when the server sends one. The server sends one with each full TLS handshake. The browser does not somehow cache an old certificate and ignore the one sent by the server when validating.

It is more likely that you've not fully rolled out the new certificate on the server side. For example if you have multiple servers make sure that all have the new certificate. If your server provides access for IPv4 and IPv6 make sure that in both cases the proper certificate is served. If you provide service on multiple ports make sure that they all use the new certificate.

Steffen Ullrich answered Nov 15 '22 10:11
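The checklist in the answer above (every server, IPv4 and IPv6, every port) is easy to get wrong by hand, so here is an added example script that does it for you. It is not part of the original question or answer. It resolves a host name to all of its IPv4 and IPv6 addresses, completes a TLS handshake with each address on each port with SNI set to the host name, and reports the leaf certificate's SHA-256 fingerprint and notAfter date. Any endpoint still handing out the old certificate shows up as a second fingerprint or an EXPIRED flag. The host name, ports and the `SAMPLE_DER` fixture are assumptions for illustration; the fixture is a constructed DER skeleton, not a real certificate, and the DER reader only walks far enough into the structure to reach the validity field (it is not a general X.509 parser).

```python
"""Survey which leaf certificate every address/port of a host actually serves.

Added example, not code from the original page. Uses only the standard library
so it runs anywhere Python 3 does.
"""
import hashlib
import socket
import ssl
from datetime import datetime, timezone


def _tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value_start, value_end)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length


def not_after_from_der(der):
    """Extract notAfter from a DER-encoded X.509 certificate as an aware UTC datetime."""
    _, p, _ = _tlv(der, 0)                 # Certificate ::= SEQUENCE { tbsCertificate, ... }
    _, p, _ = _tlv(der, p)                 # TBSCertificate ::= SEQUENCE { ... }
    tag, _, end = _tlv(der, p)
    if tag == 0xA0:                        # optional explicit [0] version
        p = end
    for _ in range(3):                     # skip serialNumber, signature, issuer
        _, _, p = _tlv(der, p)
    _, p, _ = _tlv(der, p)                 # Validity ::= SEQUENCE { notBefore, notAfter }
    _, _, p = _tlv(der, p)                 # skip notBefore
    tag, s, e = _tlv(der, p)               # notAfter: UTCTime (0x17) or GeneralizedTime (0x18)
    text = der[s:e].decode("ascii")
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
    return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc)


def fetch_leaf(host, addr, port, timeout=5.0):
    """Handshake with one address (SNI = host) and return the leaf certificate as DER bytes.

    Verification is disabled on purpose: the point is to see an expired or
    wrong certificate, not to have the handshake aborted because of it.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((addr, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def survey(host, ports=(443,), now=None):
    """Return {(addr, port): (sha256 fingerprint, notAfter, expired?)} for every resolved address."""
    now = now or datetime.now(timezone.utc)
    addrs = sorted({info[4][0] for info in socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)})
    results = {}
    for addr in addrs:                     # covers both A and AAAA records
        for port in ports:
            der = fetch_leaf(host, addr, port)
            exp = not_after_from_der(der)
            results[(addr, port)] = (hashlib.sha256(der).hexdigest(), exp, exp <= now)
    return results


def consistent(results):
    """True only if every endpoint serves the same, unexpired certificate."""
    fingerprints = {fp for fp, _, _ in results.values()}
    return len(fingerprints) == 1 and not any(expired for _, _, expired in results.values())


def _der(tag, body):
    """Tiny short-form DER encoder used only to build the constructed fixture below."""
    assert len(body) < 128
    return bytes([tag, len(body)]) + body


# Constructed fixture (NOT a real certificate): the minimal skeleton the reader
# above needs, with empty signature/issuer placeholders and a notAfter in 2025.
SAMPLE_DER = _der(0x30, _der(0x30,
    _der(0xA0, _der(0x02, b"\x02"))        # [0] version v3
    + _der(0x02, b"\x01")                  # serialNumber
    + _der(0x30, b"")                      # signature (empty placeholder)
    + _der(0x30, b"")                      # issuer (empty placeholder)
    + _der(0x30, _der(0x17, b"240113060100Z") + _der(0x17, b"250113060100Z"))
))


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "example.com"   # placeholder host
    ports = tuple(int(p) for p in sys.argv[2:]) or (443,)
    found = survey(host, ports)
    for (addr, port), (fp, exp, expired) in found.items():
        print(f"{addr:>40} :{port}  {fp[:16]}...  notAfter={exp:%Y-%m-%d}  {'EXPIRED' if expired else 'ok'}")
    print("consistent" if consistent(found) else "MISMATCH: some endpoint still serves another certificate")
```

Run it as `python3 survey_cert.py www.example.com 443 8443` from a machine outside your own network, since a load balancer or a split-horizon DNS view can make your office see a different server than your users. If an endpoint reports the old fingerprint, check that host's nginx configuration rather than the browsers: `nginx -T | grep ssl_certificate` lists the certificate files each `server` block actually loads, `openssl x509 -noout -enddate -in <file>` confirms the file on disk is the new one, and nginx keeps the certificate it read at startup in memory until you run `nginx -s reload` (or `systemctl reload nginx`), so swapping the file alone changes nothing for already-running workers.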