Clean expired browser certificates

Problem:

I recently had to debug a problem where some intranet websites became inaccessible, reporting error 403. The problem was that many of the intranet sites require installing a private certificate in a browser. Once that certificate expires, the site becomes inaccessible (I assume this is conditional to how the site security is configured). It is not an obvious step to check for expired certificates in a broswer: there are no reminders.

Proposal:

Please consider checking for and removing expired ceritificate in browsers: Firefox + clones, Chrome + clones, other browsers. Make a new option that has to be enabled for this.

I really cannot see that removing expired site certificates is something that CCleaner should have anything at all to do with.

It is a junk and temp file cleaner.

One could make the argument that expired certs are junk, but I don't know enough about them to know how or if ccleaner would be able to tell the difference between valid and invalid certs

There have been one or two instances lately where malware authors have stolen certs and signed them themselves. It is not really an area that I would like ccleaner getting involved in on my machine.

If anyone wants to have a quick look at some of their certs, open up Internet Options in your Control Panel click on the content tab and then click on certificates (do not delete any or alter them in anyway unless you know exactly what you are doing ) There are different types of certificates depending on who issued them.

I thought it was up to the site to tell the browser it needed an updated certificate, and then the browser such as Firefox for example would download what's needed from a trusted source.

To keep them updated in Internet Explorer try visiting the Microsoft Update website on update Tuesday, I know in XP you have to manually select them (root certificates at least) to be updated from Microsoft Update, don't know about newer versions of Windows.

Not sure just how applicable this is, but Gibson Research has a "fingerprint checker" here:

https://www.grc.com/fingerprints.htm

Probably won't help sterdun, who probably already knows about it, but I just found it and others might not know.

Yesterday I think all mine were wrong, but that may have been because of a pre-coffee daze. Today they're right.

If you are cleaning expired certificates,

should you compete the job by also checking for and deleting certificates that have been revoked ?

( Which for some people then raises suspicions that CCleaner might be phoning home :o )

Thank you all for enthusiatic responses!

My impression is that CCleaner knows where specific applications stash junk. For me, expired certificates fit into that category: why would want to keep them? Situation is worse for corporate proxied network: various misconfigured servers leave junk ceritificates that browser will keep for years.

I am not sure of FireFox automatically updates top level certificates. Either way, why would you want to keep old expired ones?