is OWS ignoring timestamps in expired code-signing-certificates? #610

AlBundy33 · 2024-12-20T13:54:04Z

our code signing certificae expired this month we have timestamped the signature.
When we try to start our application OWS complains about an expired certificate.

But If I check the certificate on command line all is fine

jarsigner -verify -verbose org.ehcache_3.9.6.jar
...
  s = signature was verified
  m = entry is listed in manifest
  k = at least one certificate was found in keystore

- Signed by "...our certificate..."
    Digest algorithm: SHA-256
    Signature algorithm: SHA256withRSA, 4096-bit key
  Timestamped by "CN=DigiCert Timestamp 2023, O="DigiCert, Inc.", C=US" on Mi. Okt. 18 08:39:52 UTC 2023
    Timestamp digest algorithm: SHA-256
    Timestamp signature algorithm: SHA256withRSA, 4096-bit key

jar verified.

The signer certificate expired on 2024-12-10. However, the JAR will be valid until the timestamp expires on 2031-11-10.

(don't worry about org.ehcache_3.9.6.jar - we've resigned all jars with our certificate)

The text was updated successfully, but these errors were encountered:

AlBundy33 mentioned this issue Dec 20, 2024

is OWS ignoring the certificate chain of code-signing-certificates? #611

Open

AlBundy33 changed the title ~~is OWS ignoring timestamps in expired certificates?~~ is OWS ignoring timestamps in expired code-signing-certificates? Dec 20, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

is OWS ignoring timestamps in expired code-signing-certificates? #610

is OWS ignoring timestamps in expired code-signing-certificates? #610

AlBundy33 commented Dec 20, 2024

is OWS ignoring timestamps in expired code-signing-certificates? #610

is OWS ignoring timestamps in expired code-signing-certificates? #610

Comments

AlBundy33 commented Dec 20, 2024