Code Signing Certificate Expiration Issue

1
votes

My code signing certificate is valid from 3/3/12 to 3/3/13 (Comodo)

  1. Will re-newing it issue me a new certificate (.pfx file) ? or can I use the current certificate (.pfx file) after 3/3/13 after I pay the fee?

  2. Will the existing signed applications show "unverified publisher" or any other error during installation/execution after 3/3/13 if I do not sign the exe and the setup with new certificate or if I do not buy a new one. Please note that I sign all dll, exe of the software and also the final setup exe

  3. Do I have to get a new .snk file on renewal or can I use the existing .snk file?

  4. Can I use same .snk file to sign different software and their setup files? and different exe, dll in the same setup? Is the .snk file tied to one exe? or can it be used on any exe (.NET and VB6 both) ?

I have Windows 8 Pro + Visual Studio 6 SP6 + Visual Studio 2012 Ultimate + Microsoft 8 SDK Standalone Installation

enter image description here

enter image description here

1
code-signingwinapiauthenticodesigntool

1 Answers

3
votes

A very useful article can be found here.

Answers:

  1. The expiration date is part of the file. So you'll get a new file.

  2. No. When your file is signed and timestamped, the signature will not expire when the certificate expires (explained in the linked article).

  3. .snk files are for strong naming assemblies. These are generally signed using self-signed certificates, since strong naming is not meant to verify the authenticity of the publisher. See also this answer.

  4. Normally you would use the same .snk file to sign all your assemblies. However, strong naming only exists in the .NET world, and won't apply to any other binaries (like VB 6).