I_tried
Copper Contributor
Apr 25, 2025

Defender for Identity Certificate Requirements

One of the required certificates for the MDI sensor to run is this certificate:

Subject      : CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Issuer       : CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Thumbprint   : D4DE20D05E66FC53FE1A50882C78DB2852CAE474
FriendlyName : DigiCert Baltimore Root
NotBefore    : 5/12/2000 11:46:00 AM
NotAfter     : 5/12/2025 4:59:00 PM
Extensions   : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid}

It expires in a little over 2 weeks.  I still see it listed as required here:

https://learn.microsoft.com/en-us/defender-for-identity/troubleshooting-known-issues

Does anyone know if that requirement will be going away and/or will the certificate be updated before this one expires?  I haven't been able to find anything related to its replacement through my various searches so I apologize if this has been covered already.

Thanks.

1 Reply

  • bkhowson
    Copper Contributor

    In the case of Authenticode signatures, if the signature includes a signed timestamp, the validity of the signature is validated as of the stamped time, rather than "now". This means software code signing can chain to root certificates that are expired, so long as they were valid when the software was signed and timestamped.
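The time-of-validation behaviour described in the reply can be observed locally. The following is an added example, not code from the thread or from Microsoft: it evaluates the root certificate quoted in the question at a time just before and just after its NotAfter date, and reports whether a given signed file carries a timestamp. The function name `Test-ChainAt` and the `-FilePath` parameter are assumptions made for illustration; pass the path of whichever signed binary you want to inspect.

```powershell
# Added example (not from the thread). The default thumbprint is the one quoted
# in the question; -FilePath is a placeholder for a signed file of your choice.
param(
    [string]$RootThumbprint = 'D4DE20D05E66FC53FE1A50882C78DB2852CAE474',
    [string]$FilePath
)

# Build the certificate chain as of a chosen moment instead of "now".
function Test-ChainAt {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][datetime]$When
    )
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    $chain.ChainPolicy.RevocationMode   = 'NoCheck'   # keep the check offline
    $chain.ChainPolicy.VerificationTime = $When       # the point in time to evaluate
    $valid = $chain.Build($Certificate)
    [pscustomobject]@{
        Subject          = $Certificate.Subject
        VerificationTime = $When
        ChainValid       = $valid
        ChainStatus      = ($chain.ChainStatus.Status -join ', ')
    }
}

# 1. The root from the question, evaluated on either side of its expiry date.
$root = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object Thumbprint -eq $RootThumbprint | Select-Object -First 1
if ($root) {
    Test-ChainAt -Certificate $root -When ($root.NotAfter.AddDays(-1))
    Test-ChainAt -Certificate $root -When ($root.NotAfter.AddDays(1))
} else {
    Write-Warning "Certificate $RootThumbprint not found in LocalMachine\Root."
}

# 2. Optional: does the signed file carry a timestamp countersignature?
if ($FilePath) {
    $sig = Get-AuthenticodeSignature -FilePath $FilePath
    [pscustomobject]@{
        File           = $FilePath
        Status         = $sig.Status
        Timestamped    = [bool]$sig.TimeStamperCertificate
        SignerNotAfter = $sig.SignerCertificate.NotAfter
    }
    # Signer chain evaluated at the current time, for comparison with Status above.
    if ($sig.SignerCertificate) {
        Test-ChainAt -Certificate $sig.SignerCertificate -When (Get-Date)
    }
}
```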
