Discussion:
IE 6. Disable client certificate caching in SSL State
s***@gmail.com
2009-01-14 22:20:19 UTC
Hi,

IE seems to cache a client certificate in the SSL state cache once it
is used. If you remove the client certificate from the PC from the
personal certificate store for the current user, IE doesn't detect
this and STILL sends the cached certificate (Until either the 'Clear
SSL State' button is clicked or browser reopened).

Is there any way to set IE not to cache this client certificate? Is
this controlled by a registry setting? Preventing any caching of
client certificates would be ideal.

Thanks for any help.

Simon
Simon Allen
2009-01-27 21:59:41 UTC
Just following up my post for any others running into this. I can't
see a way to disable the SSL State cache in IE6.

Being able to clear the SSL state cache is another option instead of
disabling. There are two ways it seems:

1. The really complex way is to wrap IE programmatically in your own
software and make API calls to reload WinInet to discard its in-memory
certificate cache. This is a poor solution if you don't have control of
the client workstation.

Or

2. You can clear the cache easily from within a web page using
JavaScript:

<script type="text/javascript">
document.execCommand("ClearAuthenticationCache");
</script>

This works on IE 6 and is IE only I believe.

There doesn't seem to be much documentation out there about this. I
was quite surprised.

Cheers,
Simon
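
Added example, not part of the original posts: a logout helper built around the `ClearAuthenticationCache` call from option 2, which checks whether the browser actually accepted the command and falls back to asking the user to close the browser when it did not. The function names and the `/logged-out` URL are hypothetical.

```javascript
// Added example. `doc` is the page's `document`, passed in so the helper
// can be exercised outside a browser.
function clearClientAuthState(doc) {
  if (!doc || typeof doc.execCommand !== "function") {
    return { cleared: false, reason: "unsupported" };
  }
  try {
    // IE-only command from the post. Other browsers either return false
    // or throw for a command they do not know.
    var ok = doc.execCommand("ClearAuthenticationCache", false, null);
    return ok ? { cleared: true, reason: "ok" }
              : { cleared: false, reason: "refused" };
  } catch (e) {
    return { cleared: false, reason: "error" };
  }
}

// Decide what the logout page should do next. The page must not tell the
// user they are logged out when the cached certificate may still be sent.
function logoutAction(doc) {
  var result = clearClientAuthState(doc);
  if (result.cleared) {
    // Hypothetical landing page served without client-certificate auth.
    return { action: "redirect", target: "/logged-out" };
  }
  return {
    action: "ask-close-browser",
    message: "Close all browser windows to finish logging out.",
    reason: result.reason
  };
}

// In a page this would be called as: logoutAction(document)
```

The command clears all cached credentials in the browser, not only those for the current site, and it runs entirely on the client, so the server should still end its own session on logout.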