Intermittent SSL certificate errors, cert is for a different site

Question

I'm getting an error on multiple servers (on the same network) when using IE11 and navigating to the following site: https://wllearning.com.au

It produces the following two errors on page load:

The security certificate presented by this website has expired or is not yet valid.

The security certificate presented by this website was issued for a different website's address.

If I click to continue past the SSL error and view the certificate it seems to be for a completely different site "*.silverstripe.com.au".

Now for the strange part, it doesn't always return this, sometimes just refreshing the page will result in the correct cert.

It seems the issue ONLY occurs on IE, Chrome works fine. I did consider that it might be similar to the SNI issue listed on other server fault questions but an SNI issue requires multiple sites using one IP I believe, and a reverse DNS lookup shows only one site associated with the IP address.

Note that there is no proxy service on the network having the issue and DNS does report the correct IP address.

How can I further troubleshoot this issue?

Answer 1

The unique IP in the reverse DNS response does not prove there are not multiple web servers managed by SNI on this host (most people do not set multiple PTR records when multihosting with SNI). In fact, there are multiple servers managed by SNI: just try https://{ip address of wllearning.com.au} and you will get the certificate for *.silverstripe.com.au.

Internet Explorer may have cached a bad redirect for this site. Try https://www.wllearning.com.au instead of https://wllearning.com.au If it does not work, try to create a new Windows account and connect to https://wllearning.com.au with IE on this new account. If this works, it means that IE has cached something and this explains the problem you have encountered.