I'm reading into security issues surrounding SSL, and one of that has come up is certificate expiration. The general idea is that once a certificate expires, the site is insecure. What is the difference between an expired certificate and valid certificate, seeing as they both still encrypt the data? What allows an attacker to compromise an expired certificate that he couldn't do a valid one?
Asked
Active
Viewed 277 times
1 Answers
0
There is not much difference between a valid and expired certificate in the SSL/TLS communication. Both case will allow the communication in a safer way and also the same level of data transmission. Even the certificate is expired , the keys are valid until its compromised. Here the point is that the level of trust to the client. But as a Standard SSL protocol part of verification, the client or server need to do.
user45475
- 1,050
- 2
- 9
- 14