I recently had to debug a problem where some intranet websites became inaccessible, reporting error 403. The problem was that many of the intranet sites require installing a private certificate in a browser. Once that certificate expires, the site becomes inaccessible (I assume this is conditional to how the site security is configured). It is not an obvious step to check for expired certificates in a broswer: there are no reminders.
Proposal:
Please consider checking for and removing expired ceritificate in browsers: Firefox + clones, Chrome + clones, other browsers. Make a new option that has to be enabled for this.
One could make the argument that expired certs are junk, but I don't know enough about them to know how or if ccleaner would be able to tell the difference between valid and invalid certs
There have been one or two instances lately where malware authors have stolen certs and signed them themselves. It is not really an area that I would like ccleaner getting involved in on my machine.
If anyone wants to have a quick look at some of their certs, open up Internet Options in your Control Panel click on the content tab and then click on certificates (do not delete any or alter them in anyway unless you know exactly what you are doing ) There are different types of certificates depending on who issued them.
I thought it was up to the site to tell the browser it needed an updated certificate, and then the browser such as Firefox for example would download what's needed from a trusted source.
To keep them updated in Internet Explorer try visiting the Microsoft Update website on update Tuesday, I know in XP you have to manually select them (root certificates at least) to be updated from Microsoft Update, don't know about newer versions of Windows.
My impression is that CCleaner knows where specific applications stash junk. For me, expired certificates fit into that category: why would want to keep them? Situation is worse for corporate proxied network: various misconfigured servers leave junk ceritificates that browser will keep for years.
I am not sure of FireFox automatically updates top level certificates. Either way, why would you want to keep old expired ones?