You have to modify the sender's public-key certificate, make sure the sender would have a copy of that and modify the recipient's key as well, Jones says.
Similarly, we can think of long key and certificate validity periods as long password-rotation periods: If passwords are out there forever, someone with malevolent intentions is bound to discover and use them.
"An intermediate certificate is essentially a master key that can create certificates for any domain name," explained security analyst Chester Wisniewski from Sophos in a blog post about the security lapse.