SunScreen SKIP User's Guide, Release 1.5.1

Expired Certificates and Security

Two systems can still communicate even after one system's certificate has expired; communication between the two peers persists until you issue a skipd_restart command. The key manager daemon or commands check for certificate expiration when identities are added or when the daemon is restarted. Once the ACL and the corresponding key management information have been passed to the kernel, certificate expiration is no longer checked.
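Because expiration is evaluated at identity addition or daemon restart and not afterwards, an operator has to find certificates that expired after that check and are still in use. The following audit sketch is an added example, not part of the SKIP guide or software; it assumes expiry dates are available in the `notAfter=` form printed by `openssl x509 -enddate` and that the time of the last restart or identity addition is recorded by the operator. All names and sample values are hypothetical.

```python
from datetime import datetime, timedelta, timezone

# Date layout used by `openssl x509 -enddate` output lines.
ENDDATE_FMT = "%b %d %H:%M:%S %Y GMT"

def parse_not_after(line):
    """Parse a line such as 'notAfter=Jul  1 00:00:00 2024 GMT' into UTC."""
    key, _, value = line.strip().partition("=")
    if key != "notAfter" or not value:
        raise ValueError("not an enddate line: %r" % line)
    return datetime.strptime(value, ENDDATE_FMT).replace(tzinfo=timezone.utc)

def classify(not_after, last_check, now, warn=timedelta(days=30)):
    """Place one certificate relative to the last expiration check.

    last_check is the time of the most recent daemon restart or identity
    addition (assumption: recorded by the operator).
    """
    if not_after <= last_check:
        return "expired-at-check"   # already expired when last checked
    if not_after <= now:
        return "stale-in-kernel"    # passed the check, expired since, still used
    if not_after - now <= warn:
        return "expiring-soon"      # plan renewal and a restart window
    return "ok"

def audit(certs, last_check, now):
    """Map each peer name to its classification."""
    return {peer: classify(parse_not_after(line), last_check, now)
            for peer, line in certs.items()}

# Constructed sample data, not taken from any real system.
SAMPLE_CERTS = {
    "peer-a": "notAfter=Jan  5 00:00:00 2024 GMT",
    "peer-b": "notAfter=May 20 12:00:00 2024 GMT",
    "peer-c": "notAfter=Jul  1 00:00:00 2024 GMT",
    "peer-d": "notAfter=Dec 31 23:59:59 2025 GMT",
}
SAMPLE_LAST_CHECK = datetime(2024, 3, 1, tzinfo=timezone.utc)
SAMPLE_NOW = datetime(2024, 6, 15, tzinfo=timezone.utc)

if __name__ == "__main__":
    for peer, state in audit(SAMPLE_CERTS, SAMPLE_LAST_CHECK, SAMPLE_NOW).items():
        print(peer, state)
```

A peer reported as `stale-in-kernel` is the case the paragraph describes: traffic keeps flowing on an expired certificate until the next skipd_restart.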