Rate this article: (2 votes, average: 5.00)
Showcase Identity with Premium Security
Activate the Green Address Bar with EV SSL to boost trust & sales!
Higher Trust = More Sales
High Assurance OV SSL Certificates
Provide more visibility by showing there's
a legitimate organization behind your website.
Standard DV SSL Certificates
Get basic encryption fast.
Stop browser security warnings right now!
Code Signing Certificates
Tamper-proof your code. Protect integrity,
verify publisher and ensure authenticity.
Wildcard SSL Certificates
Easily secure all sub-domains for a
completely secure website experience.
Protect many websites with a single solution.
Reduce headaches and save time!
CodeGuard Website Backup
Protect your website against errors, mistakes, & crashes.
Automatic backups + malware scanning + one-click restore.
A Code Signing certificate, like an SSL certificate, is only good for a set period of time. Afterwards it expires and can no longer be used. But that creates a potential problem: what happens to all the software you signed before the certificate expired? Are all of those digital signatures expired now too? Not if you timestamped them. Timestamping is a mechanism that ensures your digital signature remains trusted long after your Code Signing certificate has expired.
Fortunately, there’s a way to make sure your signed software executable will still be completely valid, even after your code signing certificate expires – timestamping.
When you apply a digital signature to your software, a customer’s computer is going to check your digital signature before installing the software.
Normally, if there is no timestamp the system will check the certificate expiration date against the current date. However, if you apply a timestamp (a digital record of when the signature was applied) your customers’ computers will be able to see that the software was signed while the certificate was still valid and the download will proceed as planned.
Timestamping is supported by a variety of software development tools, including Microsoft SignTool and Visual Studio. Before you sign your executable, the software you’re using to apply the signature will check Comodo’s Time Stamping server for the current date and time and timestamp your signed file.
Once the program is signed, no matter when it’s used (even if your code signing certificate has expired), the signature will be viewed as valid. Timestamping might add an extra step to the process, but it’s definitely worth taking the time to do it. It will save you a huge headache in the long run and avoid any code signing certificate expired issues in the future.
Need to sign your software to assure users and make installation easier? We sell all Comodo code signing certificates at up to 58% off.
View Code Signing Certificates