help-gnutls

Re: cert considered invalid when intermediate is expired


From: Richard Moore
Subject: Re: cert considered invalid when intermediate is expired
Date: Fri, 26 Oct 2012 17:02:25 +0100

On 26 October 2012 14:15, Michal Suchanek <address@hidden> wrote:
> Both GnuTLS and OpenSSL refuse to verify the connection.
>
> I am not sure if the certificate is technically valid in this case or not.
>
> Any insight?

It is invalid, however browsers that cache intermediate certificates
(which most do) are sometimes able to still find a trust path from
the leaf to one of the trust anchors (root CAs) by using a more recent
replacement for the intermediate certificate if they have encountered
it on another site. The replacement intermediate certificates often
reuse the same private key, which is what makes this work.

Regards

Rich.
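
The behaviour described in the reply above can be reproduced with the `openssl` command line. This is an added example, not part of the original message: it builds a throwaway root, one intermediate key certified twice (a 1-day original and a 10-year replacement) and a leaf, then verifies the leaf two days in the future with `-attime`. All subjects, serial numbers, lifetimes and file names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: every name, subject and lifetime here is constructed.
set -eu

mkreq() {  # $1 = dir, $2 = base name, $3 = subject; writes .key and .csr
  openssl genrsa -out "$1/$2.key" 2048 2>/dev/null
  openssl req -new -key "$1/$2.key" -subj "$3" -out "$1/$2.csr" 2>/dev/null
}

build_pki() {  # $1 = empty working directory
  d=$1
  # CA extensions; the subject key id is a hash of the public key.
  printf '%s\n' 'basicConstraints=critical,CA:TRUE' \
    'keyUsage=critical,keyCertSign,cRLSign' \
    'subjectKeyIdentifier=hash' > "$d/ca.ext"
  # The leaf identifies its issuer by key id, not by issuer serial number.
  printf '%s\n' 'authorityKeyIdentifier=keyid' > "$d/leaf.ext"

  # Self-signed trust anchor.
  mkreq "$d" root '/CN=Example Root'
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 3650 \
    -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null

  # One intermediate key and CSR, certified twice by the root:
  # the original (1 day) and its replacement (10 years).
  mkreq "$d" int '/CN=Example Intermediate'
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -set_serial 1 -days 1 -extfile "$d/ca.ext" -out "$d/int_old.pem" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -set_serial 2 -days 3650 -extfile "$d/ca.ext" -out "$d/int_new.pem" 2>/dev/null

  # Leaf issued under the original intermediate; it outlives that certificate.
  mkreq "$d" leaf '/CN=www.example.test'
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int_old.pem" -CAkey "$d/int.key" \
    -set_serial 3 -days 3650 -extfile "$d/leaf.ext" -out "$d/leaf.pem" 2>/dev/null
}

verify_at() {  # $1 = dir, $2 = intermediate file, $3 = epoch seconds
  openssl verify -attime "$3" -CAfile "$1/root.pem" \
    -untrusted "$1/$2" "$1/leaf.pem" >/dev/null 2>&1
}

work=$(mktemp -d)
build_pki "$work"
later=$(( $(date +%s) + 172800 ))   # two days from now
for i in int_old int_new; do
  if verify_at "$work" "$i.pem" "$later"; then r=valid; else r=rejected; fi
  echo "leaf via $i at +2 days: $r"
done
rm -rf "$work"
```

A server that only sends `int_old.pem` gives a client with no cached copy of `int_new.pem` nothing but the expired chain, so the fix on the server side is to serve the replacement intermediate.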