Users reporting SSL certificate errors? They're on Windows XP IE6/IE7? Other users not seeing the same issues, even on Vista IE7?

Confused? I was. Turns out the answer is pretty simple and well known: IE is crap. Specifically, IE7 and lower on Windows XP do not support SNI (Server Name Indication).

This means that if you are hosting your HTTPS site on a server alongside other sites using HTTPS (port 443), IE will not tell your web server which hostname to look for when requesting the certificate (e.g. give me the cert for mysite1.com versus mysite2.com), the way it does in the Host header when making the normal request. So your web server returns the first one under port 443 that matches, because it has nothing to identify the target configuration. If this is the incorrect cert, it won't match the domain and IE will give an SSL error.

There's no smart way around this: nothing can force the client to send the right info in the certificate request, so if you want your SSL certificates to work for older machines you need to split your sites out onto different machines.