SSL Certificate seen as invalid by older versions of IE

Question

I'm encountering a problem with a SSL certificate. Everything works perfect in Opera, Firefox, Chrome, Safari and IE9, and the Certificate is perceived as being valid (just as it should be). However, IE8, 7 and below won't open the page

Do you have any idea what might be wrong with the certificate?

You can see the secure version here: https://secure-load.com (the page is blank)

Thank you for your help

Edit

In case anyone else has this problem, it was the SNI in our case. Once we took care of that, everything went just fine

Answer 1

The certificate you are using was issued by StartCom. According to this forum post the StartCom CA was added as trusted root CA by Microsoft in 2009. May be the clients that do not accept the certificate are running on system which are older and that did not install the trusted certificate updates. You can check that by opening the certmgr.msc management console.

For Windows XP you can download the most recent trusted root CA list here: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=6149

Afterwards any IE running on the updated system should accept the certificate.

Update: Alternatively there may a different reason: The server you are using is hosting multiple HTTPS sites with different certificates. This requires a feature called "Server Name Indication (SNI)" on client side. According to Wikipedia on Windows XP IE7 and 8 do not support SNI and therefore get back the wrong certificate from the server (in this case the one from www.snakeoil.dom).

Answer 2

You can check the reason why the older IE version are not able to validate the certficate. What @Robert has said could exactly be the reason. You can download and add the StartCom CA certificate to your truststore on older IE versions. That should probabaly fix your problem.