ssl certificate expired warning message

We have a apache http server running on our local network.
when connecting to it i get a "certificate expired" warning message.
when i ignore the warning and view the certificate it shows it is valid from oct 2008 to oct 2011.

when i ssh to the linyx box that is running the apache server and check the certificate with "openssl x509 -in /etc/usr/apache2/conf/cert.crt -fingerprint - text" it shows up with the right date as well.

the certificate has been updated recently, i have done a software as well as a hardware restart.
but the problem persists.
could the previous certificate be cached somewhere? or is this a browser problem? or maybe something completely different.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

James LooneySr. Programmer/AnalystCommented:
When you get the error, are you using the same domain name as the certificate was generated for? If there is a mismatch there, it can throw errors.
southwaveAuthor Commented:
The certificate is issued to an ip, and is only open to the local network.
when opening the browser while connected to this local network you will automatically be redirected to the ip of the webserver (
after you log on to this website you can browse the internet. (and that is where you get the "expired" warning message.
James LooneySr. Programmer/AnalystCommented:
Did you build this system yourself (the login before you can browse the internet system) or is it a third-party application?
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

southwaveAuthor Commented:
i honoustly couldnt tell you, i have no built it and have no idea how to check who did.
my guess is apache is set up as a secure proxy in some way.

either way the problem began when the certificate expired and i renewed it (which is pretty straight forward)
after that not resolving the "expired warning" i reissued the certificate, which also did not help.

so i was wondering if apache caches the certificate somewhere (could not find anything in the httpd.conf) or if this might be a browser related issue (so far all browsers i tried give the warning though)

also when renewing the certificate i had to rename the certificate files to the filenames used in the httpd.conf (triple checked for spelling errors) i dont know if this might cause a problem.

i know my way around apache pretty well (at least i thought so) but never had any problems with certificates.
i have been working on this for 2 weeks non stop now and it is really starting to get to me.

any help is appreciated.

James LooneySr. Programmer/AnalystCommented:
Oh yeah, that is annoying as heck.

Well let's see. All the things you mention could certainly make a difference.

First, after installing the new certificate, did you fully stop and then start apache?
apachectl stop;
apachectl start;

Second, did you install the certificates in the same directory as the old ones (overwrite the old ones)?
If not, did you adjust the directory paths in httpd.conf?
southwaveAuthor Commented:
i tried a software as well as a hardware restart.
and i backed up the old certificates before putting the new ones in,
triple checked the links in the httpd.conf
James LooneySr. Programmer/AnalystCommented:
Dang. Well, hmmm. And nothing else has changed - ip used, other software changes to the server, etc? Only the new certs?

If so, the only thing I can think of is that the certs were generated with different info than the previous ones. Can you verify the contents of the old certs as well as the new certs?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
southwaveAuthor Commented:
nothing in the setup has changed.

and i have used the "openssl req -new -newkey rsa:2048..." etc command  to generate a new csr file and then reissued the certificate.

copied the .key file to the right place as well.
James LooneySr. Programmer/AnalystCommented:
Sorry, I'm just not sure w/o being able to sit down at the console and do some digging. Hopefully someone else will have an "aha!" moment and post some further help.
southwaveAuthor Commented:
well thanks for your help anyway :)
southwaveAuthor Commented:
after setting up a local test system with a spare box i have here i noticed that the date on the certificate has now changed.

it says it is valid from the start date of the old certificate and ends at the end date of the new certificate.
which makes me believe it reads from both the old and the new certificate.
James LooneySr. Programmer/AnalystCommented:
Wow. That sounds fun. :)

Let's see, some browsers hang onto some certificate information (so that you won't get those annoying popups each time). So, maybe check to see if that is the case.

I'll assume you are using Internet Explorer, Look on this page for "Installing and Removing Trusted Certificates" and it'll tell you how to remove cert info from the browser:
ParanormasticCryptographic EngineerCommented:
Check to see if there might also be a file ssl.conf if you use virtual hosts.
Here is a generalized walkthrough on how to install the cert - make sure there aren't remnants of the old one hanging aroud in there.

On the client browser (assuming IE here) - internet options - content - clear ssl state - close all open browsers and try again.
southwaveAuthor Commented:
i have used a fresh image to create a new box for testing purposes.
copied the new certificates over to replicate the problem i was having.
somehow on the new box it works perfectly.

used the new box to create a new image, and copied the new image to the old box.
all is working fine now.

Thanks alot for the help.
southwaveAuthor Commented:
I have given points because the help i got was really good, even though it did not produce a solution.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Apache Web Server

From novice to tech pro — start learning today.