Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 227
  • Last Modified:

Does expired certificate works?

I have a self signed certificate which is being used my one of our messaging server in our company. Recently I realized that certificate was expired 2 years back but it is still working is being used as the authentication to client. I am wondering how it is possible. Please note we have local company specific root CA. Please help me to understand how it is working in this scenario, I can provided more specific information in this regard. Thanks!
0
beer9
Asked:
beer9
  • 2
  • 2
2 Solutions
 
alreadyinuseCommented:
My understanding is that yes they still perform the SSL encryption. Of course it will continually prompt clients to accept the expired certificate. Whereas a good certificate would avoid the issue.
0
 
ThorinOCommented:
Yes it will continue to work but will prompt. I would suggest buying a cert or you can get a free trusted one from http://cert.startcom.org/
0
 
beer9Author Commented:
On my client configuration file I see few setting for SSL. Please please me to understand it. Because it is set at false so that expired cert of server would also works? Thanks!

enable_verify_host="false"
enable_verify_hostname="false"

Open in new window

0
 
ThorinOCommented:
What client is that on?
0
 
beer9Author Commented:
It is some java application.. internal built tool
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now