Java trustmanager behavior on expired certificates

离开以前 2020-12-29 08:00

Does Java's TrustManager implementation ignore if a certificate has expired?
I tried the following:
- Using keytool and parameter -startdate "1

3 Answers
  •  一生所求
    2020-12-29 08:35

    I've just had a similar issue myself while overriding checkServerTrusted.

    Turns out that if you need to check expiration you can call X509Certificate.checkValidity() and it will throw either a CertificateExpiredException or a CertificateNotYetValidException. Both of these extend CertificateException so they can be happily thrown by checkServerTrusted.

    To solve your problem you could implement a new X509TrustManager which creates your original instance in its constructor, implements all methods as calls to the original instance, and adds a call to checkValidity for each certificate in certs[] inside checkServerTrusted.
