33.3.26 No Error Message Is Written in the Log File When an Expired Certificate Is Used for the X509 Authentication

When a user tries to authenticate with an expired client certificate, the authentication fails. The log file contains no information about the certificate's expiration, and browsers do not display an error message about it either.

To see the logs related to expired certificates, enable the following Java option in Identity Server’s tomcat.conf:

JAVA_OPTS="${JAVA_OPTS} -Djavax.net.debug=ssl,handshake"

For information about how to modify a file, see Modifying Configurations.
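The javax.net.debug output is verbose, so the following added example (not part of the product documentation) filters a captured log for the JDK's certificate validity exceptions and reports the line number and the date each one carries. The function names and the sample log lines are constructed for illustration. Pass the path of the file that receives the Identity Server's Tomcat output on your system. The exact debug format varies by Java version.

```shell
#!/bin/sh
# Added example: list certificate validity-period failures found in
# JSSE debug output (enabled with -Djavax.net.debug=ssl,handshake).

# Usage: cert_validity_failures LOGFILE
# Prints one line per hit: <line number> <kind> <date field>=<date>
cert_validity_failures() {
    awk '
        # Thrown by the JDK when the certificate is past its notAfter date.
        /CertificateExpiredException/ {
            d = $0
            if (!sub(/.*NotAfter: */, "", d)) d = "unknown"
            printf "%d expired NotAfter=%s\n", NR, d
            next
        }
        # Thrown when the certificate is presented before its notBefore date.
        /CertificateNotYetValidException/ {
            d = $0
            if (!sub(/.*NotBefore: */, "", d)) d = "unknown"
            printf "%d not-yet-valid NotBefore=%s\n", NR, d
        }
    ' "$1"
}

# Writes a constructed sample log to the given path, for trying the filter
# offline. These lines are illustrative, not captured from a real server.
write_sample_log() {
    cat > "$1" <<'EOF'
Consuming client Certificate handshake message
sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
Caused by: java.security.cert.CertificateExpiredException: NotAfter: Mon Jan 01 00:00:00 UTC 2024
Consuming client Certificate handshake message
sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
Caused by: java.security.cert.CertificateNotYetValidException: NotBefore: Wed Jan 01 00:00:00 UTC 2031
EOF
}
```

An empty result means no validity-period exception was logged in that file, so the failure has another cause or the debug option is not active.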