On Sun, Mar 18, 2012 at 2:31 PM, Greg Keogh <[email protected]> wrote: > Folks, I tried to sign some files using signtool.exe with my company > certificate (PFX file) which expired a few months ago. I get the rather > generic error “The signer's certificate is not valid for signing.” > > > > I’m guessing that signtool rejects expired certificates and I can’t find any > way of overriding the behaviour. I’d still like to do some signing even > though it is expired, because at least it sticks my identification inside > and people can see it during installation. Is there a trick I can pull to > use the expired cert? >
Fool with the machine date? That won't work if you use verisign timestamp service. (but you can do the 2 separately) Or make a test certificate, which is the approved technique. I'd never do this for released code, but its good for internal use. > > > <winge>Damn those certs are expensive. I got that one for free, but a > Verisign renewal is $895 for two years. Thawte is $549 for two years. > Jeeeez, it works out at about a dollar per binary bit of the key.</winge> > It'd have to be deductible. -- Meski http://courteous.ly/aAOZcv "Going to Starbucks for coffee is like going to prison for sex. Sure, you'll get it, but it's going to be rough" - Adam Hills
