Prev: How to repair or re-install Address Book
Next: Runtime error when clicking a link in IE 6 Windows 2000
From: si.allen on 14 Jan 2009 17:20
Hi,

IE seems to cache a client certificate in the SSL state cache once it
is used. If you remove the client certificate from the PC from the
personal certificate store for the current user, IE doesn't detect
this and STILL sends the cached certificate (Until either the 'Clear
SSL State' button is clicked or browser reopened).

Is there any way to set IE not to cache this client certificate? Is
this controlled by a registry setting? Preventing any caching of
client certificates would be ideal.

Thanks for any help.

Simon
From: Simon Allen on 27 Jan 2009 16:59
Just following up my post for any others running into this. I can't
see a way to disable the SSL State cache in IE6.

Being able to clear the SSL state cache is another option instead of
disabling. There are two ways it seems:

1. Really complex way is to wrap IE programmatically in your own
software and call API calls to reload WinInet to discard its in-memory
certificate cache. Is a poor solution if you don't have control of
the client workstation.

Or

2. You can clear the cache easily from within a web page using
JavaScript:

<script type="text/javascript">
document.execCommand("ClearAuthenticationCache");
</script>

This works on IE 6 and is IE only I believe.

There doesn't seem to be much documentation out there about this. I
was quite surprised.

Cheers,
Simon




On Jan 14, 3:20 pm, si.al...(a)gmail.com wrote:
> Hi,
>
> IE seems tocachea client certificate in theSSLstatecacheonce it
> is used.  If you remove the client certificate from the PC from the
> personal certificate store for the current user, IE doesn't detect
> this and STILL sends the cached certificate (Until either the 'ClearSSLState' button is clicked or browser reopened).
>
> Is there any way to set IE not tocachethis client certificate? Is
> this controlled by a registry setting? Preventing any caching of
> client certificates would be ideal.
>
> Thanks for any help.
>
> Simon

 | 
Pages: 1
Prev: How to repair or re-install Address Book
Next: Runtime error when clicking a link in IE 6 Windows 2000