Windows XP IE6/IE7 cannot use SSL when hosted on servers with multiple SSL sites

Users reporting SSL certificate errors? They’re on Windows XP IE6/IE7? Other users not seeing the same issues, even on Vista IE7?

Confused? I was. Turns out the answer is pretty simple and well known: IE is crap. Specifically, IE7 and lower on Windows XP do not support SNI (Server Name Indication).

This means that if you are hosting your HTTPS site on a server with other sites using HTTPS (port 443), IE will not tell your web server which site to look for when requesting the certificate (e.g. "give me the cert for mysite1.com" versus mysite2.com), the way it does when making the normal HTTP request. So your web server returns the first one under port 443 that matches, because it has nothing to identify the target configuration. If this is the incorrect cert, it won't match the domain and IE will give an SSL error.

There’s no smart way around this: nothing can force the client to send the right info in the certificate request, so if you want your SSL sites to work for older machines you need to split out your sites onto different machines.
