Here are the details about the scenario
---------------------------------------------------
We have two sites
a.domain.com ,
b.domain.com configured with google SSO. Both these sites are sending assertion to google. And we are using google drive service inside these sites.
(We have noticed that the certificate is expired in March 2017)
Recently we have created one more site
c.domain.com using the same content of the above mentioned website. When we trying to send assertion to Google service we are getting ""This account cannot be accessed because the login credentials could not be verified."" error. Then we have checked in google forums and figured out this is due to the expiration of signing certificate. And then we have replaced public certificate in google admin console and also updated the certificate in
c.domain.com. Now everything is working as expected.
But the strange issue is that still both
a.domain.com and
b.domain.com is working fine with old EXPIRED certificate. We have cleared the browser cache and still the same effect.
So the question is: Why both these sites assertion is still valid with old expired certificate.???