SSL certificate cached by Chrome and service worker

[guillerm...@htmniseko.com]

I have a new SSL certificate for my sites, it loads correctly on Chrome for most of my sites except for the one that is using a Service Worker, it keeps loading the old SSL certificate. Does Google Chrome cache the SSL certificate alongside with the Service Worker? 

As long as I manually remove the service worker on my local using DevTools, then on the next refresh I got the new SSL certificate.

[Ryan Sleevi]

bcc: chromium-dev

+net-dev

Chrome does keep the certificate cached as part of its cache entries. If it goes to the network (for example, to reverify the cache), it will update how that entry is reported. However, if it does not have to go to the network to revalidate (perhaps due to Cache API, or perhaps due to Service Workers' refresh period), then you'll get the certificate associated with the network connection the resource was originally received on.

I may have missed some subtlety in your use case, please let me know if that explains it though.

On Wed, May 30, 2018 at 1:42 AM, <guillerm...@htmniseko.com> wrote:

I have a new SSL certificate for my sites, it loads correctly on Chrome for most of my sites except for the one that is using a Service Worker, it keeps loading the old SSL certificate. Does Google Chrome cache the SSL certificate alongside with the Service Worker? 

As long as I manually remove the service worker on my local using DevTools, then on the next refresh I got the new SSL certificate.

--
--
Chromium Developers mailing list: chromi...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-dev
---
You received this message because you are subscribed to the Google Groups "Chromium-dev" group.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-dev/b9478b90-f9b7-4837-830c-169143aa2a17%40chromium.org.

[guillerm...@htmniseko.com]

So let's say the old certificate will expire tomorrow, then when someone loads the site, will Chrome try to get a new one and will make a request to the server?

[Ryan Sleevi]

Moving Chromium-dev back to BCC.

If someone loads your site and they've not contacted it before, they will see your new certificate.

If someone loads your site entirely from the disk cache, they will see your old certificate, as that was the certificate used for the cached resource, the same as they'd see the headers used from the disk cache.

If someone loads your site, and it has to make a network request to revalidate the resource as cached on disk, then they will see the new certificate.

[guillerm...@htmniseko.com]

Awesome! Thanks for the answer!