test05Certificates are only valid for a specified time period. The more you use a key pair and a certificate, the easier it becomes for someone to be able to figure it out. Short lived keys are better. Because site administrators feel that it’s a hassle to update, request and install certificates and keys, the market has standardised on one, two and three year certificates.

The CA certificates are usually more long lived. A client using TLS should have proper time and validate the current date against the dates in the certificates presented by a TLS server. Expired certificates are not trustworthy. Certificates not valid yet is another enigma.

The certificate on this server is not valid yet. Your client should not accept this (if the clock set on your system is correct).

 

Should fail

 

 

 

 

 

tls-o-matic-next