SSL Certificates, which create an encrypted link between a browser and a web server, are issued by a Certificate Authority (CA) and are signed by the CA. These certificates expire (usually in 1-3 years of issue), and website administrators are required to purchase a new SSL certificate from a CA and implement it on their site (hopefully) before the old one expires. Browsers confirm that a certificate has not expired and mark the site as insecure if it has. The danger of expired certificates is that a hacker could create a certificate that appears to be issued by a company and apply it to their server. If users of a site get used to ignoring the browser’s warning, they may use the hacker’s site without realizing that the warning is different, and the hacker could perform a man-in-the-middle (MiTM) attack and view the user’s (possibly sensitive) data.