Forum Discussion
signing certificate expiration and apps
Hello Team, The cert that we planning to use would be valid for 2 years. What will happen after it expires? Do we need to ignore the expiry dates of the certificates while injecting into the package during its creation?
Prashant_Patale I moved this item to a conversation as well so other can follow along.
We highly recommend time stamping the app when signing. If you use time stamping the apps will continue to deploy after the cert expires, without it you will need to resign you package.
More information here: https://docs.microsoft.com/en-us/windows/msix/package/signing-package-overview
John Vintzel (@jvintzel)
PM Lead, MSIX
- jvintzel
Microsoft
Prashant_Patale I moved this item to a conversation as well so other can follow along.
We highly recommend time stamping the app when signing. If you use time stamping the apps will continue to deploy after the cert expires, without it you will need to resign you package.
More information here: https://docs.microsoft.com/en-us/windows/msix/package/signing-package-overview
John Vintzel (@jvintzel)
PM Lead, MSIX
jvintzel Thank you for the details John. This is really helpful.
- WesleeJKN0487
jvintzel we have a customer that would like to outsource the packaging of apps with MSIX to a provider. They plan to offer a certificate - which will be used by the provide to sign packages - and they have asked what happens when they revoke that certificate , will installations initiated after the revocation date still work? Is this process influenced by TSA aswell?
- ShakersMSFT
Hi WesleeJKN0487,
If a certificate is revoked, previous installations and any future attempts will no longer be trusted. The timestamp does not matter if the certificate is revoked, only if the certificate expires.
Best,
Sharla
