Software AG Products 10.11 | Administering Integration Server | Configuring Integration Server for Secure Communications | Usage of CA Certificates: Technical Considerations | Handling Expired CA Certificates
 
Handling Expired CA Certificates
At times, one or more CA certificates in a chain may pass their expiration dates. When a web browser connects to the Internet resource having such an expired certificate, it might still accept the connection. The web browser can accept the connection if it can access a valid certificate for the CA with the expired certificate. Integration Server, however, cannot connect to a resource with an expired signing certificate in the chain, unless explicitly configured to do so.
In certain cases, you may want Integration Server to accept a connection when one or more of its CA certificates are expired. In cases such as these, you may need to change the value of the watt.security.ssl.ignoreExpiredChains server configuration property. For more information, refer to Working with Extended Configuration Settings. Remember to restart the server after changing the setting.
Note:
It is less secure to ignore the expired certificates than to deny the connection because of expired certificates.