Found the answer to my own problem. I'll post it here in case my stupidity helps someone else. :-)
I actually have two AWS web servers, with a load balancer in front of them. I discovered that the new certificate actually displayed fine in the browser if I hit each web server directly, but failed if I went to "www" through the load balancer.
I forgot to upload the new certificate files to the load balancer through AWS's Management Console. This page describes the process:
Updating an SSL Certificate for a Load Balancer
Note that the private and public key files you copy and paste there have to be in RSA format. This web page describes how to convert your files to that format if needed:
AWS Load Balancer SSL limitations
After all that, the browser immediately displays the new certificate. No delay, no caching. Thanks for the comments above anyway.
You sure this isn't simply a cache issue on your end? – Ramhound – 2012-11-14T22:53:43.807
Nope, not sure. :-) Just don't know where to uncache it. I tried clearing the cache in the browser but it didn't help. Wondering if it's more of a system thing. I'm on Win7 64-bit, btw. – Russell G – 2012-11-14T22:56:05.163
4
You have to restart Apache. Certificate appears imediatelly after that or something is wrong. Or you have a proxy server. http://serverfault.com/questions/323817/apache-seems-to-be-using-old-expired-certificate-even-though-new-one-is-installe
– week – 2012-11-14T22:59:09.863@week: Thanks for the link. I restarted Apache already actually, but it didn't help. But that link showed me how to use openssl to view the certificate being issued by Apache, and I verified that it is indeed the new cert, and that the expiration date is the new one. There's no proxy being used in this case though, so I'm still at a loss. Just so I understand, you're saying that after restarting Apache, all I should have to do is hit the web site again and then use the browser to view the new certificate? – Russell G – 2012-11-14T23:32:11.643