What is the Relationship between Certificate Expiration and Webstart Workstation operation?

Document ID : KB000013263
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

 APM 10.5.1 Webstart Workstation uses the same certificate to sign the code like all previous APM 10.x releases:

 The certificate used by CA Introscope Workstation 10.5.1.6 is:

Validity period [From: Tue Mar 10 01:00:00 CET 2015, To: Sat Mar 10 00:59:59 CET 2018]

 

Question:

Will the Certificate Expiration of WebStart Workstation cause any problems?

 

Environment:
APM 10.5WindowsLinux
Answer:

No, it will not cause any problem launching the client.

The reason why:

The signing certificate expiration does not determine the validity of the signature if a timestamp is included with the signature.
The signing certificate can expire but the signature will be trusted until the timestamp certificate expires.
The timestamp signing certificate APM uses won’t expire before Apr 12 01:59:59 CEST 2027.

 

Additional Information:

https://www.symantec.com/page.jsp%3Fid%3Dcode-signing-information-center states the following:

How long does a digital signature last?
Every code signing certificate is purchased with a specific validity period. The digital certificate can be used to sign code as frequently as needed during that validity period. When the digital certificate expires, all digital signatures that depend on that digital certificate expire also unless the signature includes a timestamp. A timestamp option shows when code was signed, allowing customers to verify that the code signing certificate was valid at the time of the digital signature.