diff --git a/common/djangoapps/external_auth/tests/test_ssl.py b/common/djangoapps/external_auth/tests/test_ssl.py
index fd9d6afe6c..a1df6607eb 100644
--- a/common/djangoapps/external_auth/tests/test_ssl.py
+++ b/common/djangoapps/external_auth/tests/test_ssl.py
@@ -2,6 +2,7 @@
 Provides unit tests for SSL based authentication portions
 of the external_auth app.
 """
+import copy
 import unittest
 
 from django.conf import settings
@@ -31,9 +32,12 @@ FEATURES_WITH_SSL_AUTH_AUTO_ACTIVATE = FEATURES_WITH_SSL_AUTH_IMMEDIATE_SIGNUP.c
 FEATURES_WITH_SSL_AUTH_AUTO_ACTIVATE['BYPASS_ACTIVATION_EMAIL_FOR_EXTAUTH'] = True
 FEATURES_WITHOUT_SSL_AUTH = settings.FEATURES.copy()
 FEATURES_WITHOUT_SSL_AUTH['AUTH_USE_CERTIFICATES'] = False
+CACHES_ENABLE_GENERAL = copy.deepcopy(settings.CACHES)
+CACHES_ENABLE_GENERAL['general']['BACKEND'] = 'django.core.cache.backends.locmem.LocMemCache'
 
 
 @override_settings(FEATURES=FEATURES_WITH_SSL_AUTH)
+@override_settings(CACHES=CACHES_ENABLE_GENERAL)
 class SSLClientTest(ModuleStoreTestCase):
     """
     Tests SSL Authentication code sections of external_auth
diff --git a/common/djangoapps/util/cache.py b/common/djangoapps/util/cache.py
index bd24d0bee7..1e50ac8589 100644
--- a/common/djangoapps/util/cache.py
+++ b/common/djangoapps/util/cache.py
@@ -8,6 +8,7 @@ not migrating so as not to inconvenience users by logging them all out.
 import urllib
 from functools import wraps
 
+from django.conf import settings
 from django.core import cache
 
 
@@ -49,7 +50,14 @@ def cache_if_anonymous(*get_parameters):
         @wraps(view_func)
         def wrapper(request, *args, **kwargs):
             """The inner wrapper, which wraps the view function."""
-            if not request.user.is_authenticated():
+            # Certificate authentication uses anonymous pages,
+            # specifically the branding index, to do authentication.
+            # If that page is cached the authentication doesn't
+            # happen, so we disable the cache when that feature is enabled.
+            if (
+                not request.user.is_authenticated() and
+                not settings.FEATURES['AUTH_USE_CERTIFICATES']
+            ):
                 # Use the cache. The same view accessed through different domain names may
                 # return different things, so include the domain name in the key.
                 domain = str(request.META.get('HTTP_HOST')) + '.'