12

I lost many hours while setting up some self-signed certificates; the problem turned out to be that the browser (Chrome) cached a bad version of the certificate and then just wouldn't let go. I did lots of experimentation modifying the certificate, only to learn these experiments were testing nothing because the browser was not reading the new versions of the certificate.

Eventually, I clicked on the "not valid" indicator which shows up in the browser's address bar, just to the left of the URL. Who knew that this was an active element? Clicking on it allowed me to see browser's version of the certificate. The expiration date and time didn't match the newest certificate; that's how I knew the browser was using the wrong version.

I found another, similar question on StackExchange, but none of the answers worked for me. (The Chrome "settings" interface keeps changing.) So what does work on Chrome version 81, to clear the certificate cache?

IAM_AL_X
  • 231
  • 1
  • 2
  • 5

4 Answers4

2

The easiest way for me to make sure the chrome will always get the most updated certificate is to open an incognito window (ctrl + shift + N on Chrome).

Note that as far as I can understand, the certificate will stays on that incognito window as long as the window remain active. So to test/experiment a change on my certificate setting, the cycle would go like this:

  • change some settings
  • open incognito window
  • do the test/experiment there
  • close incognito window
  • change another settings
  • open new incognito window

and so on.

Important: as long as you still have incognito window remain opened somewhere, the certificate will not be deleted/removed when you create another new incognito window. The remove behavior will only trigger when all incognito windows are closed. So you need to make sure that your incognito window is being opened one at a time for this behavior to work.

rahmatns
  • 21
  • 5
  • Not a real solution. See comment by Taylor D Edminston under the 2002-09-22 answer by Ken. He says it has effect "only for the incognito tabs without affecting existing or new normal tabs". – IAM_AL_X Jun 16 '23 at 16:52
  • Yes, I think we all both agree that the incognito will not affect existing tabs nor normal tabs in any way, and I also think that is what incognito is supposed to behave. But what I've experienced in this past years checking a cert on many different site I've developed, the newly created incognito window (freshly opened without any existing incognito window being opened before) will always fetch the most updated certificate. So, yeah, this is not a real solution to the problem. But at least this is a solid workaround for "testing SSL certificate", at least from what I can understand. – rahmatns Jun 19 '23 at 04:34
1

I believe the following is the minimum required to clear the certificates out of the cache in Chrome 81.

  • From the 3-dot menu (upper, far right), click "Settings". This opens a new tab.

  • Just to reduce variables, I closed all other tabs.

  • In the "Settings" tab, select "Privacy and security".

  • Choose "Clear browsing data -- Clear history, cookies, cache, and more"

  • In the "Clear browsing data" pop-up panel, put a check-mark at "Site Settings". Probably you can make everything else unchecked. (Note that if you don't uncheck "Cached images and files," it can take the computer several minutes to handle that task. So, uncheck it.)

  • Click the "Clear data" button.

  • When that task finishes, I recommend shutting down Chrome, and restarting it.

I tried a lot of stuff. I believe this was the action plan that actually made a difference.

IAM_AL_X
  • 231
  • 1
  • 2
  • 5
0

If nothing else works, delete your google chrome profile/settings directory from file system. Just notify your OS to give you instructions.

Krackout
  • 1,575
  • 7
  • 20
0

Did anyone find a practical solution for this?

I can just open an incognito window and do it from there, but I would prefer to just have the site that needs the certificate in my normal browser instance and have it request the certificate again.

(if the clearing the cache takes more time then setup the additional settings in an incognito window it doesn't make sense)

Ken
  • 101
  • There does not appear to be any obvious way to reset this data from within Chrome. I can reproduce viewing a site in incognito fetching the new cert, but only for the incognito tabs without affecting existing or new normal tabs which still see the expired cert that had since been replaced. What did work for me was simply restarting the Chrome app. – Taylor D. Edmiston Nov 21 '22 at 05:43