We also have an in-house tool to warn of expired certificates.
This is intentional, for the purpose of verifying older certificates.
To me, at first glance it would make more sense to remove expired certificates. I assume the benefit of leaving expired certs installed is that an application can warn a user about an expired CA cert instead of providing less information via a "not a trusted CA" warning. Could you please expand on your comment about verifying older certificates?
Thanks

