
SSL Certificate expires while connected

Tags: ssl

Hey everyone, just a quick question.

Let's say I am connected to a server with an SSL connection. Now say while I am connected the certificate expires. Will the connection close or is nothing going to happen at all?

I would think that nothing will happen at all but I'm not 100% sure.

voodoo asked Mar 23 '16 11:03




3 Answers

It depends on the client implementation.

However, the connection will likely remain active as the validity of the certificate is checked during the TLS/SSL handshake, which happens once at the beginning of the session when the connection is opened.

Simone Carletti answered Oct 09 '22 16:10


To extend the other answers: the certificate will only be checked within a full handshake. Usually at most one full handshake is done per TCP connection (at the beginning) but with renegotiation another full handshake might be done.

But with session resumption only the first TCP connection in the SSL session will do a full handshake. This means that it will not detect a changed or expired certificate even when establishing a new TCP connection as long as an existing SSL session is resumed inside this TCP connection.

The reasoning behind this: The certificate is used to make sure that the SSL session is with the expected party and not some man-in-the-middle attacker. So it must be checked at the beginning of the SSL session, i.e. whenever a full handshake is done. Since an established SSL session is integrity protected, a man in the middle tampering with the connection would be detected. So one does not again need to verify the certificate during the SSL.

Steffen Ullrich answered Oct 09 '22 15:10


The certificate will be checked once for validity at the beginning of the connection, and again during the connection (or a subsequent one sharing the same session) if either side requests a full handshake, which is usually only done to escalate the cipher suites, request a client certificate, etc.

user207421 answered Oct 09 '22 14:10
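
Because validity is only checked during a full handshake, an application that holds connections open for a long time, or resumes sessions, has to check expiry itself if it cares. The following is an added example, not code from any of the answers, using Python's `ssl` module; the function names, the `margin` parameter and the sample certificate dict are assumptions made for illustration.

```python
import ssl
import time

# Constructed sample: the dict shape ssl.SSLSocket.getpeercert() returns,
# reduced to the one field this check reads.
SAMPLE_PEERCERT = {"notAfter": "Mar 23 12:00:00 2016 GMT"}
T_HANDSHAKE = ssl.cert_time_to_seconds("Mar 23 11:03:00 2016 GMT")
T_LATER = ssl.cert_time_to_seconds("Mar 23 12:30:00 2016 GMT")


def seconds_until_expiry(peercert, now=None):
    """Seconds left before the peer certificate's notAfter (negative once expired)."""
    # getpeercert() gives None or {} when no certificate was validated.
    if not peercert or "notAfter" not in peercert:
        raise ValueError("no validated peer certificate available")
    now = time.time() if now is None else now
    return ssl.cert_time_to_seconds(peercert["notAfter"]) - now


def next_step(peercert, session_reused=False, now=None, margin=0):
    """Application-level policy (hypothetical) for an already open TLS connection.

    'keep'                           - certificate valid for more than `margin` seconds
    'full-handshake'                 - expired or about to: close and reconnect
    'discard-session+full-handshake' - same, but the connection came from a
                                       resumed session, so drop the cached session
                                       first or the certificate is not re-verified
    """
    if seconds_until_expiry(peercert, now) > margin:
        return "keep"
    return "discard-session+full-handshake" if session_reused else "full-handshake"


def audit(sock, margin=0):
    """Apply the policy to a live ssl.SSLSocket (not exercised offline)."""
    return next_step(sock.getpeercert(), sock.session_reused, margin=margin)


if __name__ == "__main__":
    # The TLS layer itself reports nothing between these two moments.
    for label, t in (("at handshake", T_HANDSHAKE), ("after expiry", T_LATER)):
        print(label, seconds_until_expiry(SAMPLE_PEERCERT, t),
              next_step(SAMPLE_PEERCERT, now=t))
```

Calling `audit()` periodically on a long-lived socket, with a `margin` of a few minutes, lets the client reconnect on its own schedule instead of relying on the next handshake to notice.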