When certificates are no longer valid

Digital certificates can expire or be revoked.

Digital certificates are issued for a fixed period and are not valid after their expiry date.

See the Glossary for a definition of certificate expiration.

Certificates can be revoked for various reasons, including:

The owner has moved to a different organization.
The private key is no longer secret.

WebSphere® MQ can check whether a certificate is revoked by sending a request to an Online Certificate Status Protocol (OCSP) responder (on UNIX, Linux® and Windows systems only). Alternatively, they can access a CRL on an LDAP server. The OCSP revocation and CRL information is published by a Certificate Authority. For more information, see Working with revoked certificates.