[Dshield] Digital certificates

Stephane Grobety security at admin.fulgan.com
Thu Oct 21 07:38:22 GMT 2004

AF> What is the effect of an expired certificate, both on the hosting site
AF> and on the browser that encounters it?

Well, the question, as such, doesn't make a whole lot of sense. The
only meaningful answer would be: it depends on what you use the
certificate for, why you sign with it, what software you use to
sign and verify that signature, and how you have set up these programs.

Now, if you are talking about "what happens when I use an X509
certificate to certify a web site and that certificate has an
expiration date in the past", then I can give an answer that is a bit
better: Assuming that your server software accepts using a
certificate with an expiration date in the past (that's pretty
standard), then the client browser should complain: such a certificate
is not "legal". Now, exactly what happens is left to the browser:
theoretically, it should reject the connection altogether. But in
practice, most browsers will present the user with a security warning
and ask him to choose a course of action: whether to continue even if
the certificate is invalid or to stop right there.
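
The split described in the reply above (the server side happily carries an expired certificate, the verifying client is the one that objects) can be reproduced offline with the OpenSSL command line. This is an added example, not part of the original post; the CN `example.test`, the file names and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed example: throwaway self-signed certificate, placeholder CN.

# Create a self-signed certificate valid for one day in directory $1.
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=example.test" \
    -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Client-side view: validate certificate $1 as a verifier would at
# epoch time $2 (the certificate is its own trust anchor here).
# Prints "valid", "expired", "not-yet-valid" or "other".
cert_status_at() {
  local out
  out=$(openssl verify -CAfile "$1" -attime "$2" "$1" 2>&1) || true
  case "$out" in
    *"certificate has expired"*)      echo expired ;;
    *"certificate is not yet valid"*) echo not-yet-valid ;;
    *": OK"*)                         echo valid ;;
    *)                                echo other ;;
  esac
}

# Operator-side check: the server will not refuse the certificate on its
# own, so ask directly whether it expires within the next $2 seconds.
expires_within() {
  if openssl x509 -in "$1" -noout -checkend "$2" >/dev/null; then
    echo no
  else
    echo yes
  fi
}

demo() {
  local dir now
  dir=$(mktemp -d) || return 1
  make_cert "$dir" || { rm -rf "$dir"; return 1; }
  now=$(date +%s)
  echo "verifier today:        $(cert_status_at "$dir/cert.pem" "$now")"
  echo "verifier in two days:  $(cert_status_at "$dir/cert.pem" "$((now + 172800))")"
  echo "expires within 2 days: $(expires_within "$dir/cert.pem" 172800)"
  rm -rf "$dir"
}

demo
```

Running `expires_within` from a scheduled job against the deployed certificate gives the operator the warning before visitors' browsers start showing it.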

