I renewed my certificate for Read it easy when I got a message "Certificate will expire in 30 days" from Certum.
What happens when a code signing certificate expires? #
After a code signing certificate expires, there are some problems.
- We can't sign an app with an expired certificate.
- We can't sign an app until we purchase and activate a new certificate.
- An app signed with an expired certificate isn't trusted by Microsoft SmartScreen, Google Safe Browsing, and antivirus programs if we signed it without any timestamp.
In other words, with timestamping an app, we can use it, download it, and install it as before. If we want to release a new version, we purchase and activate a new certificate.
Renewing a certificate #
I purchased a new certificate from Certum again. The renewal process was almost the same as last time. No shortcut.
The list below is an overview from purchasing a new certificate to signing an app with its certificate.
- Purchase a new certificate
- Verify personal data
- Generate key
- Activate certificate
- Activate an account of SimplySign
- Sign an app with a new certificate
I did the process from 2. to 4. on the pages of Data Security Products. I already had my SimplySign account, but I had to activate a new account for a new certificate. Maybe a certificate binds a SimplySign account.
The time server of Certum has supported RFC3161, so I changed the signing command.
// Before
signtool sign /n "myname" /t http://time.certum.pl/ /fd sha256 /v "path to app"
// After
signtool sign /sha1 "thumbprint" /tr http://time.certum.pl /td sha256 /fd sha256 /v "path to app"Code signing with a new certificate was successful. Use the command prompt. I wasted some time using Git Bash.
Reference: