Why is my SSL certificate not valid in older versions of Internet Explorer?


Previously, SSL certificates could only be set up where there would only be one per IP address.  While this one-to-one relationship was simpler to implement, there are a finite number of IP addresses that can be used on the Internet, and the more SSL certificates that were purchased reduced the number of IP addresses available.

Service Name Indication (SNI) was developed to solve this problem, allowing multiple SSL certificates to be served from the same IP address.  SNI is supported in all modern browsers on modern operating systems, but if someone is using an older operating system or browser, they may be warned that the SSL certificate is not valid.

This is not a problem with the certificate, but a problem with older technology not being able to differentiate between certificates served through one IP address.

The oldest version of Internet Explorer that supports SNI is Internet Explorer 7 on Windows Vista.  Older versions of Internet Explorer, as well as Internet Explorer 7 and 8 on Windows XP or older, will not recognise SSL certificates on shared IP addresses.

If possible, you can ask your visitors to use a different browser, such as Firefox or Chrome, or encourage them to upgrade their systems.



Article ID: 578
Created On: Wed, Apr 1, 2015 at 1:03 PM
Last Updated On: Tue, Jan 12, 2021 at 2:55 PM

Online URL: https://www.heartinternet.uk/support/article/why-is-my-ssl-certificate-not-valid-in-older-versions-of-internet-explorer.html