Security Basics mailing list archives

Re: Expired certificates

From: vachanta () gmail com
Date: 26 Apr 2006 22:43:03 -0000

Can anyone give me a reason why an unused but >expired certificate could cause a security ...


Assuming you are referring to SSL certs here.

AFAIK there is no risk involved if its unused,but if it being actively used by average users.

Then Users will be confronted with expired SSL cert warnings on a regular basis will become conditioned to ignore them 
and they will/can ignore any other "real" warnings like MITM messages as well.

so its a good idea to renew expired SSL certs if its a production server

-------------------------------------------------------------------------
This List Sponsored by: Webroot

Don't leave your confidential company and customer records un-protected. 
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no 
obligation. See why so many companies trust Spy Sweeper Enterprise to 
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------

Current thread:

Expired certificates 1tgeye (Apr 26)
- Re: Expired certificates James Fryman (Apr 28)
- Re: Expired certificates Brooks Garrett (Apr 28)
- Re: Expired certificates Kenton Smith (Apr 28)
- <Possible follow-ups>
- Re: Expired certificates vachanta (Apr 28)
- RE: Expired certificates Steve Armstrong (Apr 28)
- Re: Expired certificates edward . luck (Apr 28)
- Re: Expired certificates anthonylai (Apr 28)
- Re: Expired certificates wojtekp (Apr 28)