I opened up my keychain and I find a handful of expired certificates in my userspace. If I dig in, I find under Trust settings, they are set to "Use system defaults". In that case, the system won't trust an expired certificate. I am allowed to edit this setting to "always trust" or "never trust". You can also click on the question mark to the right to pull up a much more detailed description of the behavior of the trust settings. "Always Trust" should override certificate expiration.
