How to verify that timestamping is done correctly for signed code

前端 未结 3 1002
广开言路
广开言路 2021-02-20 05:10

I have just got my code signing certificate from StartSSL and am trying to sign our installer.

The signing process goes well and I get an installer exe that Windows no l

3条回答
  •  别那么骄傲
    2021-02-20 05:40

    Sorry, I don't have an answer for you, but it does look like you shouldn't be seeing the behavior that you are, according to Comodo's Instant SSL FAQ.

    Is timestamped code valid after a Code Signing Certificate expires?
    Timestamping ensures that code will not expire when certificate expires. If your code is timestamped the digital signature is valid even though the certificate has expired. A new certificate is only necessary if you want to sign additional code. If you did not use the timestamping option during the signing, you must re-sign your code and re-send it out to your customers.

    Comodo seems to be authoritative on this subject, so I'm inclined to believe what they say.

    I'm anxiously waiting for the answer on this myself, because I'd very much like to purchase a code signing cert from StartSSL myself. I did notice on their site, that the code certs are 'beta' so maybe this is something they need to get the kinks worked out of.

提交回复
热议问题