by password4321 1478 days ago
> it would be a questionable practice to do so in general for an automated validation procedure

Or, as parent mentioned ("conventionally"): standard practice.

Yes, if you have nothing in place to update and check CRLs and transition away from SHA1, you're gonna have a bad time. Is that the clarification you're trying to make? It's not like expiration vs. revocation hasn't been considered:

https://social.technet.microsoft.com/Forums/ie/en-US/405be5d...

certificates remain in the CRL indefinitely - Code Signing and Kernel Code Signing