What happens if a code signing certificate expires

A software publisher or developer can sign their work using a certificate issued by a trustworthy Certificate Authority, which is an authorized entity to issue a code signing certificate. This Certificate Authority verifies the legitimacy of the publisher and signs the required code signing certificate after validating specific requirements. Suppose if your code signing certificate does not have a validity period, and your business shuts down due to unforeseen circumstances like the COVID pandemic.

The chances of your certificate slipping into the hands of online offenders are high. Then these offenders would be able to trick your customers into downloading malicious software using your valid code signing certificate. That is the major reason why a code signing certificate has an expiry date in place — to ensure the utmost security, as well as keep up with the industry standards. Note that an expired code signing certificate signifies that your signed piece of software or application will no longer be trusted by popular operating systems and antivirus programs.

But timestamping ensures that your software maintains indefinite trust even after the code signing certificate lapses. Will I have to rebuild my Microsoft SmartScreen reputation after I renew my code signing certificate?

SSL Support Team. Related FAQs. View All FAQs. Follow Us. Handle sslcorp. Facebook Twitter Youtube Github. Play Video. Subscribe to SSL. What is SSL? Create a free Team What is Teams? Collectives on Stack Overflow. Learn more. What happens when a code signing certificate expires? Ask Question. Asked 12 years, 11 months ago. Active 10 months ago. Viewed 63k times. Any ideas? Improve this question.

Rob Rob FF message: "www. The certificate is not trusted because the issuer certificate is unknown. Use KSoftware. Standup guy, been around for years, I know him personally. Comodo is pretty famous in the industry. It was also mentioned by BCran below. Add a comment. Active Oldest Votes. Code Signing Certificates are valid for 1 or 2 years depending on which life cycle you choose when you purchase the certificate.

Is timestamped code valid after a Code Signing Certificate expires? Timestamping ensures that code will not expire when the certificate expires because the browser validates the timestamp.

The timestamping service is provided courtesy of VeriSign. Improve this answer. Adi Lester 24k 12 12 gold badges 88 88 silver badges bronze badges. Martin Vobr Martin Vobr 5, 2 2 gold badges 36 36 silver badges 43 43 bronze badges. This is the correct answer, of course. You need to use a trusted peer and digital timestamping so that your app stays valid ad vitam once it was signed.

If you look at the binary's properties after the code expires, does it still have a digital signature tab? Note my Windows Defender answer below. You do not want your certificate to expire, so get a 10 year one. Guess who didn't know to ask? James Newton James Newton 7 7 silver badges 16 16 bronze badges.

The startcom forum link is dead. Here is the archived version: web. Designed by Microsoft? BCran BCran 1, 19 19 silver badges 16 16 bronze badges. That is my assumption. Will: no, it will work for certificates from any vendor. I've used it with my Globalsign cert.