Y
Hacker News
new
|
ask
|
show
|
jobs
by
LeonM
2093 days ago
CAs simply never sign a cert with an expiry longer than their own root cert.
Thus, by the time the root cert expires, all client certs will already be expired.