cert considered invalid when intermediate is expired
alfredo.pironti at inria.fr
Sun Oct 28 12:55:35 CET 2012
> Does that imply that a CA that signs a cert that is supposed to be
> valid for 2yrs using an intermediate cert that is valid for 20 months
> essentially makes a cert for 20 months only because for the remaining
> 4 months the cert will be invalid?
I'd say yes, as much as a revoked trusted certificate makes all issued
certificates instantly invalid. Your case looks sort of corner, but I
believe the same verification rule should apply. A wise CA would
refresh their certificate before such a race condition occurs.
More information about the Gnutls-help