Prevent Internet Explorer from caching SSL client certificates
Solution 1
The thread Clear SSL State using vbscript contains this command :
"C:\Windows\system32\rundll32.exe" "C:\Windows\system32\WININET.dll",DispatchAPICall 3
The thread how to clear authentication cache on ie7 with Javascript? advices to paste into the address bar :
javascript:void(document.execCommand('ClearAuthenticationCache'));
Solution 2
Install both certificates, select the one that you use mostly the next time you visit the site, and than use "InPrivate Browsing" (CTRL+SHIFT+P, or via menu) whenever you need to use the other one.
InPrivate browsing is like if you would have clear all cache, history and start with a brand new/(unused before) browser.
Related videos on Youtube
Admin
Updated on September 18, 2022Comments
-
Admin over 1 year
I use a particular HTTPS website, but I have two separate client certificates that I use to authenticate (sometimes I use one account, which requires certificate A and sometimes a different one, which needs certificate B).
Internet Explorer caches SSL certificates on a per-domain basis, so in order to change to the other certificate, I have to clear the SSL Cache in Internet Options.
Is there any way that I could prevent Internet Explorer from caching SSL certificates for domains?
If not, is there a way that I could clear the SSL cache through a script or command?
I'm using Windows 7, Internet Explorer 9.
-
IOException over 10 yearsMost SSL client certificate authentication systems rely on the user continuing to use the client certificate automatically in any further interactions as I understand it. If that is the case for your app, disabling SSL client certificate caching would result in immediately being effectively logged out on the next page load, and thus being unable to properly use the app with either certificate A or B, so while this would allow you to switch certificates more easily, it would probably not be the desired result.
-
harrymc over 10 yearsI think the most you could do is write a script that deletes these two certificates from the store. You then avoid clearing the whole store.
-
Vanadis over 10 yearsDo you have administrative rights on this "particular https website"?
-
Admin over 10 years@Vanadis By that are you asking if I administer the site itself? No, it's a third party service.
-
-
Admin over 10 yearsBoth worked! I've incorporated the first into batch that runs on the start of IE. Thanks!