What happens when certificate expires

Hi,

We recently got a code signing certificate that we use to sign our ClickOnce installation.

Will we be able to renew the certificate when it expires? Renewing the same certificate would be preferred, as that would make the ClickOnce just keep working. If we have to buy an all new certificate we will have to find a way to work around this problem.

BR
Christian

Hi,

It is not possible to renew a code signing certificate; you need to buy a new certificate after expiry. But to solve this issue you need to use a timestamping option while signing your application so that when your certificate expires your signed application will not show any expiry warnings.

Please follow the links below to learn more about timestamping.
https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=221&nav=0,96,7
https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=222&nav=0,96,7

Thanks.

As I understand it, using Timestamping will only allow my program to keep running after the certificate has expired, but it will not update. Using a new certificate for signing will force all our users to a manual reinstall. This is the problem that I would like to solve.

Hi,

For this case I recommend that you buy a code signing certificate with a maximum validity (3 years or above) so that it will avoid signing your application again in a short period of time.

Thanks.

Are you sure you don’t just need to use the same public/private keypair?
One can always create a new CSR using the same.

It’s impossible to supply your own CSR during the Comodo Code Signing application process at this time. Key and CSR generation take place in the browser and are not under the control of the user.

Oh dear. I was about to order one in the next day or two…

That is a serious limitation, especially with SmartScreen reputation etc. all tied to the keys.

Is this likely to change any time soon?

SmartScreen is still in its infancy and it's still quite the joke. It does more harm than good as it hurts the “little” guys more so than the big guys. It’s a never-ending cycle with Microsoft in this respect.

Re-using the same private key year after year is considered to be bad key hygiene. Just because you can do it doesn’t mean that you SHOULD do it.