Juraj Duráni created TEIID-4080: ----------------------------------- Summary: SSL - client accepts server's certificate even if server's root CA is expired Key: TEIID-4080 URL: https://issues.jboss.org/browse/TEIID-4080 Project: Teiid Issue Type: Bug Affects Versions: 8.12.5 Reporter: Juraj Duráni Assignee: Steven Hawkins Priority: Blocker Attachments: keystore_client.jks, keystore_server_root_expired.jks, truststore.jks, truststore_expired.jks If SSL is enabled (1-way or 2-way) server provides to the client certificate which must be signed by valid certificate of trusted CA. If server provides certificate which is signed by certificate of root CA which already expired client accepts this certificate. Client should not accept such certificate. This affects 1-way and 2-way authentication modes. -- This message was sent by Atlassian JIRA (v6.4.11#64026)