What happens when a code signing certificate expires?

by

If you timestamp your code while the certificate is valid the effect is that your expired certificates are good.

From Thawte Code Signing Certificate FAQs:

How long can I use a Code Signing Certificate for?

  • Code Signing Certificates are valid for 1 or 2 years depending on which life cycle you choose when you purchase the certificate. Please note: For Microsoft® Authenticode® (Multi-Purpose), you should also timestamp your signed code to avoid your code expiring when your certificate expires.

Is timestamped code valid after a Code Signing Certificate expires?

  • Microsoft® Authenticode® (Multi-Purpose) allows you to timestamp your signed code. Timestamping ensures that code will not expire when the certificate expires because the browser validates the timestamp. The timestamping service is provided courtesy of VeriSign. If you use the timestamping service when signing code, a hash of your code is sent to VeriSign’s server to record a timestamp for your code. A user’s software can distinguish between code signed with an expired certificate that should not be trusted and code that was signed with a Certificate that was valid at the time the code was signed but which has subsequently expired.

More Related Contents:

  1. How to check if a file has a digital signature
  2. Convert a CERT/PEM certificate to a PFX certificate
  3. Server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
  4. If I revoke an existing distribution certificate, will it mess up anything with existing apps?
  5. Web Browser Certificate Enrollment (CSR Generation) and Certificate Download to Smartcard or USB Token
  6. SAML: Why is the certificate within the Signature?
  7. “Warning: unable to build chain to self-signed root for signer” warning in Xcode 9.2
  8. Code Sign error: The identity ‘iPhone Developer: x Xxxxx’ doesn’t match any identity in any profile
  9. Convert pfx format to p12
  10. How to find out the path for OpenSSL trusted certificates?
  11. Getting RSA private key from PEM BASE64 Encoded private key file
  12. How to ignore the certificate check when ssl
  13. Xcode 7 error: “Missing iOS Distribution signing identity for …”
  14. How to create .pfx file from certificate and private key?
  15. Understanding keystore, certificates and alias
  16. How can I install a certificate into the local machine store programmatically using c#?
  17. How to disable Firefox’s untrusted connection warning using Selenium?
  18. How to fix Xcode 6.1 error while building IPA
  19. This certificate has an invalid issuer : Keychain marks all certificates as “Invalid Issuer” [duplicate]
  20. Inserting Certificate (with privatekey) in Root, LocalMachine certificate store fails in .NET 4
  21. Signing product flavors with gradle
  22. Appcenter iOS install error “this app cannot be installed because its integrity could not be verified”
  23. The executable gets signed with invalid entitlements in Xcode
  24. Atom certificate has expired [closed]
  25. Alternative timestamping services for Authenticode
  26. How to renew an iPhone development certificate?
  27. Python Requests – SSL error for client side cert
  28. How do I tell WCF to skip verification of the certificate?
  29. Using curl in php with client certificate and private key in separate files
  30. How to fetch string from resource to assign in WPF Resource section in xaml

Leave a Comment