Code Signing Certificates, Expiry Dates and Timestamping

When I set about signing a Java deployment rule set with a code signing certificate, I noticed that my certificate had an expiry date of 1 year from the current date.  My initial thoughts were that I didn’t want all these Java applications to suddenly stop working in a years time because my code signing certificate had expired!  But I needn’t have worried.

Why Do Code Signing Certificates Expire

When a code signing certificate expires, you can no longer sign any content with it.  The reason they expire is for security purposes.  If they didn’t ever expire and the certificate fell into the wrong hands, anybody could impersonate your company forever!

Will Signed Content Stop Working When My Certificate Expires?

If you haven’t added a timestamp during the signing process, the signed content will check the certificate expiration date against the current date and fail if the certificate has expired.

However adding a timestamp during the signing process provides verification that the signing took place when the certificate was valid, and your signed content will be valid indefinitely.  Timestamping is a mechanism that ensures your digital signature remains trusted long after your Code Signing certificate has expired.