[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Digicert - XEN: Re-sign files timestamped from September 14-22, 2022, to get full 11-year timestamp validity
Hi George,
I don't think we need do anything. The issue appears to be that the timestamp service was incorrectly configured to anything signed between Sept 14 and Sept 22 would have a very short signature life. I didn't sign anything between those dates, so I don't think there is any problem.
Cheers,
Paul
Hey Paul,
Does this mean anything to you? Let me know if you need me to do anything in particular.
-George Begin forwarded message:
Subject: Digicert - XEN: Re-sign files timestamped from September 14-22, 2022, to get full 11-year timestamp validity
Date: 27 September 2022 at 01:58:36 BST
Fwding. ---------- Forwarded message --------- From: 'DigiCert' via Accounts Payable <ap@xxxxxxxxxxxxxxxxxxx>Date: Mon, Sep 26, 2022 at 5:28 PM Subject: [ap] [Action Required] Re-sign files timestamped from September 14-22, 2022, to get full 11-year timestamp validity To: < ap@xxxxxxxxxxxxxxxxxxx>
New TSA cert with full validity (135 months).
|
Hello NAMHAI NGUYEN,
You are receiving this email because you may use DigiCert's timestamping services with one or more Code Signing or Document Signing Certificates.
>From September 14, 2022, at 13:11 MDT (19:11 UTC), to September 22, 2022, at 13:18 MDT (19:18 UTC), DigiCert's timestamp .digicert. com and adobe .timestamp. digicert. com services mistakenly issued a timestamp authority (TSA) certificate with a validity period of only one year. On September 22, 2022, we replaced this TSA certificate with a new TSA certificate with a 135-month (11-year) validity period, the maximum allowed by current industry standards.
To take advantage of the new TSA certificate’s full 11-year validity, you need to re-sign files timestamped during the affected period.
How does this affect me?
The maximum validity of a Code Signing or Document Signing Certificate is only three years, which is why it is important that they are timestamped with a TSA certificate with the longest validity period possible. Timestamping preserves the signature on your files or software, allowing them to be accepted by operating systems and other software after your Code Signing or Document Signing Certificate expires. When the signature is evaluated, the timestamp allows the validity of the signature to be checked against the time it was signed, instead of the current time when the software is being executed.
Timestamping code or files with DigiCert's new TSA certificate will increase the validity of your signatures to 11 years.
What do I need to do?
To take advantage of the new TSA certificate's 11-year validity period, you must first do a self-audit to determine which of your files or code were signed when the one-year TSA certificate was active from September 14, 2022, at 13:11 MDT (19:11 UTC), to September 22, 2022, at 13:18 MDT (19:18 UTC).
Once you have parsed the list of affected files or code, you can either:
- Re-sign files or code that were previously signed and timestamped during the affected period and apply the new 11-year timestamp signature.
- Re-apply the new 11-year timestamp signature to files that were previously signed and timestamped during the affected period*.
*For information about applying timestamps to previously signed files, see Microsoft's Adding Time Stamps to Previously Signed Files and TimeStamp Command Options.
Need help?
Thank you,
DigiCert Team | | | | | |
This service message was delivered to ap@xxxxxxxxxxxxxxxxxxx as the registered email address of a user of a DigiCert product, in order to provide important service-related information.
DigiCert, Inc. 2801 Thanksgiving Way, Suite 500, Lehi, Utah 84043 | Contact Us | Privacy Policy
© 2022 DigiCert, Inc. All rights reserved.
![]() |
![]()
|
