Rate this article: (19 votes, average: 2.00)
A Code Signing certificate, like an SSL certificate, is only good for a set period of time. Afterwards it expires and can no longer be used. But that creates a potential problem: what happens to all the software you signed before the certificate expired? Are all of those digital signatures expired now too? Not if you timestamped them. Timestamping is a mechanism that ensures your digital signature remains trusted long after your Code Signing certificate has expired.
Fortunately, there’s a way to make sure your signed software executable will still be completely valid, even after your code signing certificate expires – timestamping.
When you apply a digital signature to your software, a customer’s computer is going to check your digital signature before installing the software.
Normally, if there is no timestamp the system will check the certificate expiration date against the current date. However, if you apply a timestamp (a digital record of when the signature was applied) your customers’ computers will be able to see that the software was signed while the certificate was still valid and the download will proceed as planned.
Timestamping is supported by a variety of software development tools, including Microsoft SignTool and Visual Studio. Before you sign your executable, the software you’re using to apply the signature will check Comodo’s Time Stamping server for the current date and time and timestamp your signed file.
Once the program is signed, no matter when it’s used (even if your code signing certificate has expired), the signature will be viewed as valid. Timestamping might add an extra step to the process, but it’s definitely worth taking the time to do it. It will save you a huge headache in the long run and avoid any code signing certificate expired issues in the future.
Need to sign your software to assure users and make installation easier? We sell all Comodo code signing certificates at up to 58% off.
View Code Signing Certificates