[Dshield] Digital certificates

Cef cef at optus.net
Thu Oct 21 01:02:09 GMT 2004


On Thu, 21 Oct 2004 03:43, Alan Frayer wrote:
> What is the effect of an expired certificate, both on the hosting site
> and on the browser that encounters it?

The expiration on a certificate is really all to do with trust and management 
of certificates.

If you're using a browser, you get a warning that the certificate expired, and 
you get asked if you want to proceed. This does not necessarily mean that the 
certificate is invalid, it just means it's out of date, but it's left to the 
user to confirm that they want to accept it, as it falls 'outside' of the 
usual areas. If you trust the certificate, and/or the site involved, you can 
simply say 'yes' and keep going. If you don't, you can say no and abort what 
you're doing. Its impact on the hosting site is simply how much a user 
trusts the certificate and therefore the site.

Of course, there could be cases where you won't see a confirmation message, 
such as if you accept the certificate for more than the current session, or 
your browser is set up to reject any expired certificates. Note that how you 
accept and set this up is all up to the browser in question, and every 
browser does this sort of stuff in a slightly different way. Also note that I 
would guess that if you accept a certificate for more than just the current 
session, that any change in the certificate (eg: the certificate expiring) 
should result in the user being prompted to accept the certificate again, 
unless configured otherwise.

-- 
 Stuart Young - aka Cefiar - cef at optus.net
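
Added example, not part of the original post: a small Python model of the client-side decision the message above describes (prompt on expiry, a remembered acceptance, a client set to reject expired certificates). It assumes, as the message guesses, that a remembered acceptance prompts again once the certificate's state changes; `ExceptionStore`, its `reject_expired` setting and the sample certificate are hypothetical and constructed, not any browser's real implementation.

```python
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone

@dataclass(frozen=True)
class Cert:
    der: bytes            # certificate bytes; constructed placeholder in this example
    not_after: datetime   # end of the validity period
    issuer_trusted: bool  # result of chain validation, assumed done elsewhere

    def fingerprint(self) -> str:
        return hashlib.sha256(self.der).hexdigest()

    def problems(self, now: datetime) -> frozenset:
        found = set()
        if now > self.not_after:
            found.add("expired")
        if not self.issuer_trusted:
            found.add("untrusted_issuer")
        return frozenset(found)

@dataclass
class ExceptionStore:
    reject_expired: bool = False                    # hypothetical client setting
    remembered: dict = field(default_factory=dict)  # host -> (fingerprint, problems)

    def remember(self, host: str, cert: Cert, now: datetime) -> None:
        """Record that the user accepted this certificate beyond the session."""
        self.remembered[host] = (cert.fingerprint(), cert.problems(now))

    def evaluate(self, host: str, cert: Cert, now: datetime) -> str:
        problems = cert.problems(now)
        if not problems:
            return "accept"
        if self.reject_expired and "expired" in problems:
            return "reject"
        # A stored exception covers only the exact certificate and the exact
        # problems the user saw; anything new (such as expiry) prompts again.
        if self.remembered.get(host) == (cert.fingerprint(), problems):
            return "accept"
        return "prompt"

# Constructed sample data, not a real certificate.
CERT = Cert(b"constructed-cert-bytes", datetime(2004, 10, 1, tzinfo=timezone.utc), False)
BEFORE = datetime(2004, 9, 1, tzinfo=timezone.utc)
AFTER = datetime(2004, 10, 21, tzinfo=timezone.utc)
```

Keying the stored exception on both the fingerprint and the set of problems is what makes an acceptance granted before expiry stop applying afterwards.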


