Expired web/SSL certificate error on only one computer


Answer: The Win 7 operating system on the "problem computer" had had its c:\windows\system32\drivers\etc\hosts file edited. a.contoso.com was hard-coded to point to a particular IP address (say, AAA.BBB.CCC.90). The site at AAA.BBB.CCC.90 still worked but it gave expired certificates. After creating a new site with new certificates (that oddly look the exact same as the old site) at AAA.BBB.CCC.145, the site developers must have re-directed traffic bound for a.contoso.com to the new site at AAA.BBB.CCC.145, which was serving valid certificates. I realized this by running a trace route (tracert) on one of the working computers, which resolved a.contoso.com to AAA.BBB.CCC.145. Running tracert on the "problem computer" yielded AAA.BBB.CCC.90. Browsing directly to AAA.BBB.CCC.145 on the problem computer resulted in a good site with a valid certificate! After I removed the line in the hosts file of the "problem computer" directing traffic directly to AAA.BBB.CCC.90, everything works just fine.

Now, it seems that the problem wasn't actually with Win 7 certificates at all. The problem was with this machine directing its traffic to an old, obsolete site with old, expired certificates because the address of that site was hard-coded into its hosts file.

Thanks to everyone for helping me reach this conclusion and solve this problem.

Author by

mjblay

Updated on September 18, 2022
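The check that would have found this quickly, as an added example that is not part of the original post: parse the hosts file and report any active entry that pins a hostname to an address other than the one a known-good machine resolves. The sample file, the 192.0.2.x documentation addresses (standing in for the redacted AAA.BBB.CCC.90 and AAA.BBB.CCC.145) and the function names are all constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file. 192.0.2.90 plays the old server and
# 192.0.2.145 the new one; neither address comes from the original post.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.0.2.90      A.Contoso.com  a   # pinned during a migration, never removed
#192.0.2.90     b.contoso.com
not-an-ip       c.contoso.com
"""

def parse_hosts(text):
    """Yield (line_no, ip, names) for every active mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only, or no hostname
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP literal
        # Hostnames compare case-insensitively; a trailing dot is equivalent.
        yield line_no, ip, [n.lower().rstrip(".") for n in fields[1:]]

def find_overrides(text, hostname, expected_ips):
    """Return [(line_no, ip)] for entries pinning hostname outside expected_ips.

    expected_ips is what a known-good machine resolves the name to (assumed to
    be collected separately, e.g. with nslookup, which queries DNS directly).
    """
    wanted = hostname.lower().rstrip(".")
    good = {ipaddress.ip_address(ip) for ip in expected_ips}
    return [(line_no, str(ip)) for line_no, ip, names in parse_hosts(text)
            if wanted in names and ip not in good]

if __name__ == "__main__":
    import sys
    # Usage: script.py [hosts_path hostname known_good_ip ...]; no args = sample.
    if len(sys.argv) >= 4:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text, host, good = fh.read(), sys.argv[2], sys.argv[3:]
    else:
        text, host, good = SAMPLE_HOSTS, "a.contoso.com", ["192.0.2.145"]
    for line_no, ip in find_overrides(text, host, good):
        print(f"hosts line {line_no}: {host} pinned to {ip}, expected {good}")
```

An empty result means the hosts file is not what is steering the name to the stale server.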

Comments

  • mjblay
    mjblay over 1 year

    I have a strange problem with one website's SSL certificate that only affects one computer's Windows 7 operating system. The site works fine on other Win 7 computers with no error, pulling valid certificates. I do not own or administer the website, but because the site works perfectly on all other computers, I doubt it's a problem with the site. The "problem computer" is a Win 7 machine, and the error happens with every Win 7 user and every browser (or at least IE10, Chrome, and Firefox). I should add that when I boot this "problem computer" to Ubuntu from a USB key, a valid certificate is pulled.

    The domain has private and public users, so I would rather not use the real domain here. Instead, I'll use one of Microsoft's fake domains (contoso.com) to illustrate the problem. The certificate appears to apply to *.contoso.com, but it only appears when I try to access https://a.contoso.com. When I access https://b.contoso.com, I get a different and valid certificate that also applies to *.contoso.com.

    EDIT: Browser/Win 7 images of the certificate errors deleted from the original post in favor of openssl output below.

    This has been a problem since the certificate expired on December 10, 2014. I have tried going into certmgr.msc > Trusted Root Certification Authorities > Certificates and deleting all of the GeoTrust certificates for both the Current User and the Computer accounts. A new GeoTrust Global CA certificate appeared after reboot, but that did not resolve the situation. Again, this problem affects all users on only one computer regardless of the browser used. Further, it does not affect those same domain users if they log into another computer.

    Here are some other solutions I've tried:

    • Rebooting (of course).
    • Using the Clear SSL State button in inetcpl.cpl > Content
    • Accessing the site using this "problem computer" from several different public WiFi networks.
    • Using certutil -setreg chain\ChainCacheResyncFiletime @now to invalidate current CRL cache entries as per http://blogs.technet.com/b/pki/archive/2007/09/13/how-to-refresh-the-crl-cache-on-windows-vista.aspx
    • Used the Copy to File button in the Certificate > Details box on a working computer to copy a working certificate to a file which I then transferred to and installed on the computer with the expired certificate. + reboot, no luck.

    Am I correct in assuming this is a problem with the individual computer and not the site hosting the page? And if that's correct, is there a way to force this computer to drop the expired certificate and get the new one that all the other computers are getting?

    UPDATE: I appear to be partially correct in my assumption that this is not a problem with the site hosting the page. I assumed it was a problem with the computer, itself, but now it appears to be a problem with the Win 7 operating system installed on this "problem computer" only. I come to this conclusion because other computers running Win 7 pull valid certificates and because this "problem computer" pulls a valid certificate when it is booted into Ubuntu from a USB key. Only when this "problem computer" boots into Win 7 does the expired certificate appear. With that knowledge, is there a way to expunge the expired certificate from Win 7 more successfully than the ones I've listed (which have all failed) above?

    Thanks in advance.

    Edit: here's the output from openssl s_client -tls1_2 -connect a.contoso.com:443 -servername a.contoso.com | openssl x509 -text -noout on the "problem computer", using Cygwin from the Win 7 operating system. Note the Validity attribute that shows the certificate to expire on Dec 10 21:59:20 2014 GMT:

    $ openssl s_client -tls1_2 -connect a.contoso.com:443 -servername a.contoso.com | openssl x509 -text -noout
    depth=1 C = US, O = "GeoTrust, Inc.", CN = GeoTrust SSL CA
    verify error:num=20:unable to get local issuer certificate
    verify return:0
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 113752 (0x1bc58)
        Signature Algorithm: sha1WithRSAEncryption
            Issuer: C=US, O=GeoTrust, Inc., CN=GeoTrust SSL CA
            Validity
                Not Before: Oct  8 16:20:07 2012 GMT
                Not After : Dec 10 21:59:20 2014 GMT
            Subject: serialNumber=ibWVTrZnhDvyhydnlXKodqBj0Azl-unn, C=US, ST=Colorado, L=Denver, O=ContosoCompany, OU=ContosoDepartment, CN=*.contoso.com
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (2048 bit)
                    Modulus:
                        00:df:41:d1:5b:bd:00:68:2c:5e:72:65:39:b6:ac:
                        7d:67:46:64:f9:c7:07:93:89:80:bd:27:77:f0:40:
                        6f:61:3b:58:96:bc:cb:a3:f9:40:ad:63:27:b3:e3:
                        fb:c6:87:dc:c8:af:9e:0e:79:c4:e2:09:31:34:e8:
                        c4:2a:7c:77:f1:88:41:c3:b3:b4:88:50:d0:3b:c9:
                        34:ac:61:e2:4d:a1:cd:6d:4e:db:73:25:eb:b7:f7:
                        82:95:2d:48:10:f7:78:25:a8:c8:05:a0:bd:07:6b:
                        7c:b9:09:e4:73:1a:ae:b7:8b:cd:9a:ef:58:39:70:
                        c3:20:5d:ab:8e:f0:c3:fc:96:d9:07:80:e1:88:e8:
                        b3:83:18:1c:ba:28:9b:a6:45:7f:0f:98:9b:cb:53:
                        29:c6:9e:d5:9c:26:40:bd:81:0d:bc:b3:06:90:9a:
                        a3:25:98:bb:b1:b3:0d:e6:7f:4e:93:8e:ee:b4:de:
                        15:3c:45:ac:1f:41:3d:e1:5e:de:3c:bb:ce:97:40:
                        fa:10:43:1a:bc:44:2a:55:fe:c2:e0:e0:6a:c3:17:
                        08:a6:ca:51:de:44:0a:c0:28:32:58:a4:f5:1a:ed:
                        c0:8f:40:22:6a:05:1a:9c:2c:20:39:24:83:10:36:
                        a0:49:79:4b:50:9e:ea:e7:5d:d2:57:54:a5:a3:24:
                        6b:2d
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Authority Key Identifier:
                    keyid:42:79:54:1B:61:CD:55:2B:3E:63:D5:3C:48:57:F5:9F:FB:45:CE:4A
    
                X509v3 Key Usage: critical
                    Digital Signature, Key Encipherment, Data Encipherment
                X509v3 Extended Key Usage:
                    TLS Web Server Authentication, TLS Web Client Authentication
                X509v3 Subject Alternative Name:
                    DNS:*.contoso.com, DNS:contoso.com
                X509v3 CRL Distribution Points:
    
                    Full Name:
                      URI:http://gtssl-crl.geotrust.com/crls/gtssl.crl
    
                X509v3 Subject Key Identifier:
                    EE:49:78:68:84:FF:89:18:BE:21:E9:34:73:32:59:33:2E:93:B3:2B
                X509v3 Basic Constraints: critical
                    CA:FALSE
                Authority Information Access:
                    OCSP - URI:http://gtssl-ocsp.geotrust.com
                    CA Issuers - URI:http://gtssl-aia.geotrust.com/gtssl.crt
    
                X509v3 Certificate Policies:
                    Policy: 2.16.840.1.113733.1.7.54
                      CPS: http://www.geotrust.com/resources/cps
    
        Signature Algorithm: sha1WithRSAEncryption
             82:bc:a7:50:e1:36:7c:c0:67:cc:40:56:7b:22:a2:c2:98:2c:
             01:12:b0:6f:0d:01:97:4e:a6:19:5a:d0:eb:61:22:c8:6e:05:
             07:a2:97:2a:4e:4f:0b:a4:af:f4:3b:2c:42:e4:21:6d:4a:b1:
             e8:47:2c:71:56:fb:ec:49:59:97:a7:0f:54:f2:0e:06:cf:e7:
             6a:4c:f7:33:d1:21:aa:bb:e2:a2:c1:85:8e:46:02:e5:e9:93:
             eb:4e:aa:a5:78:e0:bc:94:a6:58:9d:b4:53:98:21:48:48:4c:
             94:dd:3a:96:79:3d:08:ed:25:6c:16:31:1b:e3:a8:9d:4f:7e:
             c7:9e:bf:d7:c5:06:e0:2e:05:94:54:7a:13:71:a7:8a:24:18:
             e1:c3:51:16:e7:02:0d:07:71:e7:ae:d8:27:ed:7c:2b:ba:b7:
             16:ac:95:50:f0:a4:30:1b:f4:4a:6b:ca:7a:f4:b4:f4:cb:d3:
             29:87:a5:b6:03:59:94:c0:f3:7c:91:ee:e7:37:69:3f:b1:fe:
             06:a6:62:12:91:30:c5:63:e0:f9:9f:af:a5:dd:de:15:b8:b6:
             e7:df:78:7a:97:e7:a6:cc:f1:57:e2:b9:00:59:b1:52:03:9c:
             de:b4:e5:4f:45:22:8a:69:26:5b:27:ca:45:98:d9:c3:5a:32:
             d5:f7:27:c2
    

    And here's the output from openssl s_client -tls1_2 -connect a.contoso.com:443 -servername a.contoso.com | openssl x509 -text -noout on the "problem computer", running Ubuntu 14.04 from a USB key. Note the Validity attribute here that shows a valid certificate which expires on Dec 5 14:21:24 2015 GMT:

    ubuntu@ubuntu:~$ openssl s_client -tls1_2 -connect a.contoso.com:443 -servername a.contoso.com | openssl x509 -text -noout
    depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
    verify error:num=19:self signed certificate in certificate chain
    verify return:0
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 686155 (0xa784b)
        Signature Algorithm: sha1WithRSAEncryption
            Issuer: C=US, O=GeoTrust Inc., OU=Domain Validated SSL, CN=GeoTrust DV SSL CA
            Validity
                Not Before: Dec  1 23:03:54 2014 GMT
                Not After : Dec  5 14:21:24 2015 GMT
            Subject: serialNumber=AEv6bwWEDDnubjaF1huAIm7G/hgmDTWE, OU=GT24051799, OU=See www.geotrust.com/resources/cps (c)14, OU=Domain Control Validated - QuickSSL(R), CN=a.contoso.com
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (2048 bit)
                    Modulus:
                        00:d3:48:ca:32:bb:e9:a3:f9:75:35:71:f2:c0:78:
                        2b:22:60:8d:36:91:20:46:d0:d4:09:d0:8d:fa:3e:
                        e2:bc:23:f6:c1:fc:03:2a:9a:79:da:12:e8:d2:1d:
                        b2:09:df:af:21:42:94:5c:88:68:43:51:57:40:26:
                        d1:b2:51:93:59:5e:ba:2f:41:de:c1:5c:04:e3:66:
                        a3:13:d5:87:de:71:83:cc:03:2a:06:c1:66:29:12:
                        c8:a5:32:91:74:0a:40:87:d4:e7:d8:32:c3:7e:aa:
                        57:75:c0:0e:19:75:27:9a:08:40:8c:1a:90:ab:e6:
                        3a:e7:8c:47:25:ec:d0:61:07:e2:da:a6:86:43:fa:
                        2b:40:0b:37:c2:63:7b:57:4e:fd:3a:54:ce:f9:c7:
                        b7:38:c1:2c:65:76:91:7e:84:85:90:c6:3e:65:5d:
                        e7:57:2f:2f:63:5a:ec:6b:77:6a:9e:9f:2b:f1:40:
                        c6:8f:14:77:ce:ee:3f:f1:e8:87:5f:a0:c0:18:39:
                        8b:63:df:a7:3a:68:39:c1:dc:9b:48:ec:65:75:07:
                        30:b2:6d:91:e8:42:41:cb:a7:33:64:01:21:e2:39:
                        ab:9d:64:7d:b2:24:2c:2c:69:b3:b1:36:ab:ed:93:
                        eb:3d:be:0f:2f:b3:13:47:78:ea:be:77:54:e2:be:
                        ba:71
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Authority Key Identifier:
                    keyid:8C:F4:D9:93:0A:47:BC:00:A0:4A:CE:4B:75:6E:A0:B6:B0:B2:7E:FC
    
                X509v3 Key Usage: critical
                    Digital Signature, Key Encipherment
                X509v3 Extended Key Usage:
                    TLS Web Server Authentication, TLS Web Client Authentication
                X509v3 Subject Alternative Name:
                    DNS:a.contoso.com
                X509v3 CRL Distribution Points:
    
                    Full Name:
                      URI:http://gtssldv-crl.geotrust.com/crls/gtssldv.crl
    
                X509v3 Subject Key Identifier:
                    B5:10:8A:28:BE:B2:E8:EA:D2:0C:A9:0B:78:BF:1A:4C:FF:CB:70:BE
                X509v3 Basic Constraints: critical
                    CA:FALSE
                Authority Information Access:
                    OCSP - URI:http://gtssldv-ocsp.geotrust.com
                    CA Issuers - URI:http://gtssldv-aia.geotrust.com/gtssldv.crt
    
                X509v3 Certificate Policies:
                    Policy: 2.16.840.1.113733.1.7.54
                      CPS: http://www.geotrust.com/resources/cps
    
        Signature Algorithm: sha1WithRSAEncryption
             8c:da:2b:78:4e:bf:6e:d8:48:4f:2c:e5:5a:06:18:d7:39:99:
             fd:29:9d:c4:c3:e4:6b:54:82:df:96:c2:84:49:e1:f6:2c:62:
             e0:61:b8:5d:7c:ce:db:38:ab:5f:1c:79:e5:c3:d4:f1:35:2e:
             6c:8e:a2:60:f1:69:9f:41:54:0d:f4:1c:76:5e:46:33:60:a1:
             bb:22:a9:ca:a2:14:a2:6c:e5:c6:80:dd:cb:e7:0e:f2:8a:5e:
             b0:e7:cb:d4:72:3d:01:4f:58:42:9c:7c:81:1f:6e:22:10:0f:
             de:1c:d4:54:cd:8e:5c:4b:35:5f:5a:af:b0:78:9f:60:56:1b:
             10:64:2d:b7:39:55:be:e2:14:b8:27:5c:af:0e:63:03:27:6a:
             bd:a7:14:27:5d:fc:a3:d1:27:3b:e9:23:11:10:63:7d:77:2b:
             b2:db:2e:14:d5:e6:eb:80:6d:fc:bd:af:bb:14:9d:28:9c:91:
             a4:16:b5:4b:70:4d:54:df:5b:0f:3e:83:40:02:cd:56:fd:7a:
             4c:a9:06:2b:45:40:ce:8e:ec:6c:6c:1b:b1:a8:c5:56:fd:60:
             dc:f1:bc:7d:27:63:eb:b7:99:d9:ec:8f:63:d7:a0:b6:7b:ea:
             b0:1e:b2:4c:89:0c:11:c4:c2:dd:1f:e7:ef:db:44:23:c8:52:
             37:40:6a:10
    
    • Admin
      Admin over 9 years
      Good idea, and thanks for the reply. I installed Cygwin and used it to run openssl from the problem computer and also ran openssl from a native linux machine running Ubuntu. I added the results to the initial question above. It appears they are different certificates. I guess my next step is to boot to linux using a USB key on the problem machine to see if it's different.
    • Admin
      Admin over 9 years
      So I booted the "problem computer" to Ubuntu Live using a USB key, and it pulls a valid certificate. The issue seems to be with Win 7 on this computer (other Win 7 computers pull valid certificates, this computer gets an expired certificate only when booted to Win 7). Any help in clearing the Win 7 certificates using methods I haven't already tried above? I also edited the main posting to reflect this new information.
    • Admin
      Admin over 9 years
      Any chance Windows Update shows root certificate updates? (Not that such explains the problem you're seeing, but you never know...)
    • Admin
      Admin over 9 years
      As for the root certificates, maybe adding -showcerts will show a difference between the two (Windows) machines. Also, a.contoso.com does not resolve on my Mac (and dig a.contoso.com gives me a SOA record).
    • Admin
      Admin over 9 years
      Thanks Arjan. I'm not using the actual domain name for privacy purposes, so I don't expect a.contoso.com to actually resolve. It turns out I just found the answer to the problem. Because I cannot answer my own question, I'll edit the original post again with the answer.
    • Admin
      Admin over 9 years
      Ah, I just saw that contoso.com is some Microsoft version of example.com... I learned something new (though I'd use the official example.com instead...)