Do jar files signed with a certificate which has expired still work?
843802Jun 12 2002 — edited Jun 14 2002Hi all,
I need a confirmation on this topic regarding code signing.
We have developed and deployed a JWS application. The code signing certificate we use to grant the application unlimited access to local resources will expire on July 13th 2002.
From what I've read in another thread, I think the following holds:
- the certificate will expire, yes, and can no longer be used for signing code.
- the contained signature, however, has no expiration date, and thus continues to be valid.
- therefore, JWS will continue to download and launch the application.
- and already installed apps (using JWS) will continue to work properly, with full access to local resources as previously granted by the user.
Can anyone confirm this?
We're using a Thawte Java Developer Code Signing certificate.
Thank you very much for your help. It's important to us we don't make any mistake on this issue. If you can provide me with any useful links to site explaining the topic (especially Java code signing, and maybe even JWS issues related to this), I'd be very grateful.
Andreas Weder