If the certificate store contains expired CA certificates along with re-issued (not-expired) version, it will fail sometimes (but not often, based on OpenSSL's internal data structure), if it hits the expired certificate first. This results in effects as decribed in https://bugreports.qt-project.org/browse/QTBUG-20225, and makes it impossible to connect to the site. Since Verisign and other big vendors and some others have certificates that expired a few months ago and others will soon expire, this issue affects more and more people, especially on Windows which fetches new certs via Windows Update, but doesn't purge the old ones.