[tech] client certificate expiry

Stephane Bortzmeyer stephane at sources.org
Sat Mar 27 09:23:22 GMT 2021


On Fri, Mar 26, 2021 at 07:54:48PM +0100,
 mbays <mbays at sdf.org> wrote 
 a message of 43 lines which said:

> Under what circumstances would it make sense to set an expiration
> date? What does it indicate? RFC5280 says "The certificate validity
> period is the time interval during which the CA warrants that it
> will maintain information about the status of the
> certificate.". With a self-signed certificate there's no CA, so this
> seems to be meaningless.

Without an expiration date, any compromission of the private key lasts
forever. Expiration dates are also here to prevent the thief from
using the certficate infinitely.


More information about the Gemini mailing list