cert considered invalid when intermediate is expired

Alfredo Pironti alfredo.pironti at inria.fr
Sun Oct 28 12:55:35 CET 2012

> Does that imply that a CA that signs a cert that is supposed to be
> valid for 2yrs using an intermediate cert that is valid for 20 months
> essentially makes a cert for 20 months only because for the remaining
> 4 months the cert will be invalid?

I'd say yes, as much as a revoked trusted certificate makes all issued
certificates instantly invalid. Your case looks like sort of a corner
case, but I believe the same verification rule should apply. A wise CA
would refresh their certificate before such a race condition occurs.
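
The rule discussed in this message, as an added example that is not part of the original post and is not GnuTLS code: a certificate is usable only while every certificate in its chain is inside its validity period, so its effective lifetime is the intersection of those periods. The names, dates and helper functions are constructed for illustration and model the 2-year certificate signed by a 20-month intermediate.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class Cert:
    name: str
    not_before: datetime
    not_after: datetime


def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


def first_invalid(chain, at):
    """Return the first cert (leaf first) outside its validity period at `at`, or None."""
    for cert in chain:
        if not (cert.not_before <= at <= cert.not_after):
            return cert
    return None


def effective_window(chain):
    """Intersection of all validity periods, or None if they never overlap."""
    start = max(c.not_before for c in chain)
    end = min(c.not_after for c in chain)
    return (start, end) if start <= end else None


def outliving_issuer(chain):
    """Issuance-time lint: (subject, issuer) pairs where the subject expires after its issuer."""
    return [(s.name, i.name) for s, i in zip(chain, chain[1:])
            if s.not_after > i.not_after]


# Constructed sample chain, ordered leaf -> intermediate -> root.
CHAIN = [
    Cert("leaf", utc(2012, 1, 1), utc(2014, 1, 1)),          # issued for 2 years
    Cert("intermediate", utc(2012, 1, 1), utc(2013, 9, 1)),  # valid for 20 months
    Cert("root", utc(2005, 1, 1), utc(2025, 1, 1)),
]

if __name__ == "__main__":
    start, end = effective_window(CHAIN)
    print("chain verifies from", start.date(), "to", end.date())
    bad = first_invalid(CHAIN, utc(2013, 10, 1))
    print("on 2013-10-01 verification fails at:", bad.name)
    print("certs that outlive their issuer:", outliving_issuer(CHAIN))
```

Running `outliving_issuer` before issuance is the check that lets a CA renew the intermediate, or shorten the new certificate, before the gap appears.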

