We use DigiCert to create certificates for our Windows desktop apps. The certificate expires in June, and I want to make sure this won't impact the users on the existing versions they use, and the digital signature on the file will remain valid even after the certificate expires.
I use Electron for building the apps, with the electron-builder
package, by passing a .pfx
file to it.
We don't use a specific configuration for the timestamp server and hope that electron-builder
sign its applications with timestamps by default (we check it with them).
I used the signtool
from the Windows SDK
to verify our application is signed with a timestamp, with this command:
signtool verify /pa /v ``"C:\path\to\YourApp.exe"
Here below is the output I got.
Can I be sure my application is signed with a timestamp and our customers' current desktop versions still remain valid after the certificate expiration?
Thank you!
Verifying: C:\Users\User\AppData\Local\Programs\vonage\Vonage Business.exe
Signature Index: 0 (Primary Signature)
Hash of file (sha1): 768E30E637CBB3735FE60E29CA23D73FA0D9C186
Signing Certificate Chain:
Issued to: DigiCert Assured ID Root CA
Issued by: DigiCert Assured ID Root CA
Expires: Mon Nov 10 03:00:00 2031
SHA1 hash: 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Issued to: DigiCert SHA2 Assured ID Code Signing CA
Issued by: DigiCert Assured ID Root CA
Expires: Sun Oct 22 15:00:00 2028
SHA1 hash: 92C1588E85AF2201CE7915E8538B492F605B80C6
Issued to: Vonage Business Inc.
Issued by: DigiCert SHA2 Assured ID Code Signing CA
Expires: Tue Jun 04 02:59:59 2024
SHA1 hash: E4BC6CB9CA192588E5FDD6F7693B44D36456AB4D
The signature is timestamped: Wed May 01 12:45:19 2024
Timestamp Verified by:
Issued to: DigiCert Assured ID Root CA
Issued by: DigiCert Assured ID Root CA
Expires: Mon Nov 10 03:00:00 2031
SHA1 hash: 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Issued to: DigiCert Trusted Root G4
Issued by: DigiCert Assured ID Root CA
Expires: Mon Nov 10 02:59:59 2031
SHA1 hash: A99D5B79E9F1CDA59CDAB6373169D5353F5874C6
Issued to: DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA
Issued by: DigiCert Trusted Root G4
Expires: Mon Mar 23 02:59:59 2037
SHA1 hash: B6C8AF834D4E53B673C76872AA8C950C7C54DF5F
Issued to: DigiCert Timestamp 2023
Issued by: DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA
Expires: Sat Oct 14 02:59:59 2034
SHA1 hash: 66F02B32C2C2C90F825DCEAA8AC9C64F199CCF40
Successfully verified: C:\Users\User\AppData\Local\Programs\vonage\Vonage Business.exe
Number of files successfully Verified: 1
Number of warnings: 0
Number of errors: 0