After moving this website completely to HTTPS, it would no longer load in Internet Explorer. IE’s well known for having compatibility issues with websites that other browsers do not have but this was different from what I had ever seen before.
IE didn’t display anything useful to describe what error was encountering, it put the issue down to connection issues, the same error you’d receive if you lost your internet connection. Not useful at all for diagnosing the problem.
I then looked at the Apache error logs and noticed the following errors being logged every time the site was accessed from IE:
[Fri Dec 30 22:04:09 2011] [error] [client 220.127.116.11] Re-negotiation request failed
[Fri Dec 30 22:04:09 2011] [error] SSL Library Error: 336068946 error:14080152:SSL routines:SSL3_ACCEPT:unsafe legacy renegotiation disabled
Google didn’t give me any help worthwhile so I had to resort to commenting out the SSL directives in the virtual host configuration file. I eventually narrowed it down to the following directive:
Disabling that directive made the site load successfully in Internet Explorer. The SSLVerifyClient directive sets the certificate verification level for the client authentication. I’m not sure why Internet Explorer doesn’t like this because my certificate is from a valid issuing authority. I guess it’s just one more thing that doesn’t work in IE…