hyc@symas.com wrote:
When I discussed this with Kurt, we decided to leave things as-is. Replacing an expired self-signed cert with a non-expired self-signed cert wouldn't change anything, you still need to set an explicit exception in your client to trust the cert.
Hmm, but browsers will likely not allow adding an exception anymore in the near future. And e.g. using Let's Encrypt isn't that hard (even without installing the bloated standard client on the system).
Ciao, Michael.