Forum Discussion
No Upgrade Scenario when Certificate Expires
Did John's comment resolve your issue? Please let us know if you are still facing this. 🙂
Sushant Bansal (@susbansal)
Product Manager, MSIX
No. The issue is that the publisher name must change in some situations. Examples include:
- My case where the public CAs changed their standards to what goes into the subject field of the purchased public certificate. Which happened to me two years in a row.
- Mergers and Aquisitions.
Subsequently, Microsoft introduced a method to support the upgrade scenario where the cert subject field changes, however this solution is often not possible. That solution requires creating and signing a new file using the old certificate. But that must be done prior to the old certificate expiring.
As the paid for certificate is only good for a year (even if you purchase a "3-year" certificate, it is actually 3 1-year certificates), you don't want to get the new certificate until the old one is about to expire, so leaving enough time to get the new cert, discover the change, and figure out how to run that process on every app needing it before expiration is a challenge. Especially when the cert CA has a glitch and takes a month to deliver the cert.
So, no, we don't have a workable solution other than to tell the users to uninstall/install.
This is great feedback Tim! I will get the team to investigate this.
While it is unfortunate that the public CAs changed their standards, do you think it is a frequently occurring scenario and likely to happen again?
Is it safe to say that most Developers/IT Pros using public CAs will face this issue?Sushant Bansal (@susbansal)
Product Manager, MSIX- It occurred to me twice in the last three years. This year's renewal went without additional changes, so perhaps it has settled down and they won't change their standards in the future.
