For some reason IE8 / IE7 / IE6 / IE5 on Windows XP, instead to use the certificate that is listed on the Nginx website config, is using another certificate that is used for other websites.
Checking the Nginx config file for the website everything is fine. A confirm of this is that all the other browsers (Chrome/Firefox/Safari/IE9) are using the correct certificate.
This is the nginx configuration for the app:
server {
listen 80;
listen 443 ssl;
server_name mydomain.com;
ssl_certificate /root/certs/mydomain.com/mydomain.bundle.crt;
ssl_certificate_key /root/certs/mydomain.com/mydoamin.key;
access_log /opt/webapps/cs_at/logs/access.log;
location / {
add_header P3P 'CP="CAO PSA OUR"';
proxy_pass http://127.0.0.1:20004;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
}
}
Here the solution:
https://serverfault.com/questions/203574/why-does-ie-think-that-my-certificate-is-invalid http://nginx.org/en/docs/http/configuring_https_servers.html#sni
The TLS Server Name Indication extension protocol is not supported on IE8/IE7/IE6 under Windows XP.