Feb 292016
 

Windows Security WarningSome might have noticed that pretty much all my current programs got an update. More observant among you might have noticed that update bears the same major and minor version. For example, QText was bumped from 4.10 to 4.10. Why is that?

Reason lies in the need to resign my executables as my current certificate expires on March 1st and after that date you wouldn’t get nice install prompt but ugly red one. Programs would work all the same but, based on what happened two years ago, I would be swamped with e-mails. To avoid any misunderstanding, I simply recompiled application with the new certificate. All functionality remains unchanged, it is just certificate that is new.

Developers among you might ask why I am not timestamping my signature so they are still valid after certificate expires. I am doing that but devil is in the details.

My previous certificate (bought from StartSSL), had lifetime signing “feature” (WTD_LIFETIME_SIGNING_FLAG). Somewhat unexpectedly this means not that your signature is valid forever, but that it expires together with certificates, regardless of timestamping. Go figure…

In any case, SSLStart gave me non-“lifetime” certificate this year so timestamping should work in the future beyond their expiry. If not, I will repeat this post in two years. :)

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>