Handling of expired certificates in Windows Certificate Store

[dmpriso]

Feature Request

Previously started here: #2130 (comment)

Use Case:

A typical windows server often already contains TLS certificates in the certificate store which have however expired.
The current NATS configuration only allows for matching a subject or an issuer of the certificate, so nothing unique (like a hash), and it also doesn't care about certificate validity

Proposed Change:

Add an option to skip expired certificate when searching for a match in the certificate store

Who Benefits From The Change(s)?

• Administrators configuring NATS server instances

Alternative Approaches

Add another configuration option for searching for a certificate hash.

[tbeets]

Makes sense to allow Windows repeated search until no more hits or a time valid cert (whichever first). Thanks for the contribution @dmpriso . I will review the PR.