Hi,
I have a very strange issue with a website of mine. It's a web application, HTML/JS and it uses websocket. It's served by apache2, accessible through HTTPS with a wild-card valid certificate signed by a trusted CA and that part works very fine. The websocket part is through rabbitmq webstomp, under HTTPS/WSS on a special port (15671) and this is where I have an issue.
If I go on this website with IE11 while having access to the internet, all goes fine,BUT if I go on this website hosted on a private server accessible through internal networkwithout having access to the internet, the website itself is accessible without warning, but the JS application catch an error while connecting to rabbitmq webstomp, and the IE11 console yield this:
SCRIPT7002: XMLHttpRequest: NetworkError 0x800c0019, Security certificate required to access this resource is invalid.
This is while doing an XMLHttpRequest on https://my.domain.com:15671/stomp/info (which usually send a 101 to redirect on wss://)
This error does not happen with Chrome / Firefox / Safari / Opera / ... in same condition. It only happens with IE11 (pc, tablet surface, windows phone)while not having access to the internet. If the user have an access while going on the website, then disconnect from the internet and refresh the webpage, all goes fine again.
On a surface tablet, the message is more explicit and a "Security Alert" popup ask about this (rough English, the original message was in French)
Certificate revocation information for this website are not available. Continue? (choices are: yes, no, show certificate)
Our guessing so far: https on default port (apache2, classic html) works fine with our certificate, but https on a different port (like 15671) trigger a check about certificate revocation, which can not be performed without access to the internet and so the connection failed. This is confirmed by the facts:
* all goes fine while having an access to the internet.
* all goes fine again when disconnecting from the internet if connected once.
* all goes wrong again if erasing the crl cache or changing the current date to a month later.
While only with IE11?
How can we fix this without telling our client to change some deep hidden property in their OS / Browser / Tablet / Mobile?
Thank you.
