Re: cert considered invalid when intermediate is expired

[Alfredo Pironti]

>
> Does that imply that a CA that signs a cert that is supposed to be
> valid for 2yrs using an intermediate cert that is valid for 20 months
> essentially makes a cert for 20 months only because for the remaining
> 4 months the cert will be invalid?

I'd say yes, as much as a revoked trusted certificate makes all issued
certificates instantly invalid. Your case looks sort of corner, but I
believe the same verification rule should apply. A wise CA would
refresh their certificate before such a race condition occurs.

Alfredo