Not sure. Some browsers let you do this and it is a bad idea. I did not used to know that. I thought "if the certificate was good yesterday it's still good enough for me today. If the CA wants more money to renew it that is their problem, not mine."
Here is the problem with that logic. If there is a problem with the integrity of a certificate the CA will revoke it. Perhaps there was some error in their signing process, or some intermediate certificate has been compromised. Except that expired certificates are never revoked. If there is some problem with the certificate you would never know, and your session could be compromised. If the data is important enough to encrypt and to validate the server connection, it is important enough to not ignore expired certificates. Charles -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Frank Swarbrick Sent: Wednesday, January 5, 2022 12:51 PM To: [email protected] Subject: FTP client, server certificate is expired Is there a way to tell the z/OS FTP client to ignore (and allow) an expired server certificate to be used? ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
