RE: Expired certificates

There are three issues here:

1. If you are not using it, recover the MS licence, data, server
space and save power.

2. If it is not used it will not be monitored and an unmonitored
server will be a security if not now, then soon.

3. If you have overlooked some application that uses the IIS
certificates, and users get to see them, they will either start asking
questions, or start to ignore expired certificate alerts.

While No3 this is not a risk to for directly the IIS box, it is has a
negative message to the users that is hard to reverse. Users cannot see
why an internal expired certificate is ok but an external one is not.
It's a debate you don't want to have.


HTH

Nebs

------

Web: www.logicallysecure.com
NEW - UK IT Sy Forum: www.logicallysecure.com/forum




-----Original Message-----
From: 1tgeye@xxxxxxxxxxxx [mailto:1tgeye@xxxxxxxxxxxx]
Sent: 26 April 2006 16:51
To: Security-Basics
Subject: Expired certificates

We have an IIS server with an old certificate that has expired. We do
not use it anymore and I am arguing to remove it from the site. Other
people are saying it doesn't hurt anything and just leave it there.

Can anyone give me a reason why an unused but expired certificate could
cause a security risk? I would like to add that to my argument why it
should be removed.

------------------------------------------------------------------------
-
This List Sponsored by: Webroot

Don't leave your confidential company and customer records un-protected.

Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no
obligation. See why so many companies trust Spy Sweeper Enterprise to
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
------------------------------------------------------------------------
--


-------------------------------------------------------------------------
This List Sponsored by: Webroot

Don't leave your confidential company and customer records un-protected.
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no
obligation. See why so many companies trust Spy Sweeper Enterprise to
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------

Relevant Pages

  • Re: Expired certificates
    ... While on the surface it seems like a mundane issue, who really cares beyond desensitizing users about security warnings? ... A primary reason for expiring a certificate is because the lifetime of the key has passed and could have been cracked. ... FREE 30-Day Trial of Spy Sweeper Enterprise ...
    (Security-Basics)
  • Expired certificates
    ... We have an IIS server with an old certificate that has expired. ... Try Webroot's Spy Sweeper Enterprisefor 30 days for FREE with no ... See why so many companies trust Spy Sweeper Enterprise to ... FREE 30-Day Trial of Spy Sweeper Enterprise ...
    (Security-Basics)
  • Re: Expired certificates
    ... Can anyone give me a reason why an unused but expired certificate could ... Try Webroot's Spy Sweeper Enterprisefor 30 days for FREE with no ... See why so many companies trust Spy Sweeper Enterprise to ... FREE 30-Day Trial of Spy Sweeper Enterprise ...
    (Security-Basics)
  • Re: The update site is messed up again - (0x800C0008)
    ... A day later I tried getting into windows update and noticed the 800C0008 issue. ... > "George Hester" wrote in message ... > I was given a certificate notice and asked if I wanted to install. ... >> The difference being they update OK with the expired certificate. ...
    (microsoft.public.windowsupdate)
  • Re: The update site is messed up again - (0x800C0008)
    ... "George Hester" wrote in message ... What I did is nab the iuctl.cab out of the Windows 2000 Professional that was not having the issue. ... Anyway after the change to the expired certificate I mentioned previously and what I just described above I had ficed two issues. ...
    (microsoft.public.windowsupdate)