The cert expired literally 10 days ago. Honestly, the whole PKI industry is a giant load of crap at this point. Root CAs paying Mozillia, Microsoft, and Google to be 'trusted' by default. Root CAs charging customers tons of money for a service that quite literally is almost self-substaining. I mean, really -- have you ever ran your own CA? It takes very, very little skill. Create your root CA, create a few subordinate CAs, create a few under those, lock up the root (never let that to be directly accessed), lock down those 2nd level CAs, and send out keys using the 3rd level CAs. If anything gets compromised, it's a pretty easy fix. But who targets it?

Anyway, enough of my rambling -- a certificate doesn't say the site is 100% legit or not. It could have been compromised ages ago for all we know.