Certificate Expired

Today :

forum.arduino.cc uses an invalid security certificate. The certificate expired on 24/12/2016 12:23. The current time is 24/12/2016 13:23. Error code: SEC_ERROR_EXPIRED_CERTIFICATE

I noticed Massimo was online earlier; presumably, he got the same error, and has got his credit card out.

It was reported here:

and looks like the issue has been resolved now.

I would have thought this was a sufficiently serious issue of general interest for one of the development team to have posted about it here. Indeed, there probably should have been a comment about it in the banner at the top of the every page.


I would have though . . .

You would think so.



I would have thought this was a sufficiently serious issue...

On the spectrum of seriousness an expired certificate ranks as "annoying nuisance". The private half of the key is still private. The public half of the key is still public. The certificate is still bound to the domain name (*.arduino.cc). The certificate can still be used to create a secure (SSL/TSL) connection to the computer servicing this forum. There is no functional difference between expired and not-expired.

I know very little about this stuff. If Firefox tells me that a certificate has expired how can I be sure that the problem is not the result of a malicious attack?


You can be sure because an expired certificate is just that, expired, and nothing more. Today's date is greater than a date that is burned into the certificate. Everything that goes into its actual use (key pair, domain name, etcetera) remains the same and valid. The expiration is, quite literally, a mechanism to force people to renew.

There are theories for why continual renewal is important but, in the end, if the certificate owner keeps the private half of the key private and maintains control over the domain name then the certificate is usable until the NSA has a working quantum computer.

Sorry if I am being a pest ...

Do you mean that it is impossible for a malicious person to fake a website in such a way that it appears to be the legitimate site with an expired certificate?


If the only issue is an expired certificate then yes it is impossible.