FULL PRODUCT VERSION :
A DESCRIPTION OF THE PROBLEM :
I have a Java Web Start Application, and the Jar files are digitally signed. During the digital signing process, I also time-stamp the jar files.
As I understand, the purpose of time-stamping code is to ensure that the certificate stays valid past its expiration date -- the certificate will stay valid indefinitely as long as the code was time-stamped before the digital certificate expired.
However, when I tested the time-stamping, the certificate only stayed valid a few months after its expiration date.
I tried using the comodo time-stamp server (http://timestamp.comodoca.com/rfc3161), and the certificate stayed valid only for 72 days after the certificate expired.
I also tried using the GoDaddy timestamp server, http://tsa.starfieldtech.com. There was some improvement, but the certificate stayed valid for about a year after its expiration date.
REPRODUCIBILITY :
This bug can be reproduced always.
A DESCRIPTION OF THE PROBLEM :
I have a Java Web Start Application, and the Jar files are digitally signed. During the digital signing process, I also time-stamp the jar files.
As I understand, the purpose of time-stamping code is to ensure that the certificate stays valid past its expiration date -- the certificate will stay valid indefinitely as long as the code was time-stamped before the digital certificate expired.
However, when I tested the time-stamping, the certificate only stayed valid a few months after its expiration date.
I tried using the comodo time-stamp server (http://timestamp.comodoca.com/rfc3161), and the certificate stayed valid only for 72 days after the certificate expired.
I also tried using the GoDaddy timestamp server, http://tsa.starfieldtech.com. There was some improvement, but the certificate stayed valid for about a year after its expiration date.
REPRODUCIBILITY :
This bug can be reproduced always.
- duplicates
-
JDK-7194270 Warning about expired certificate when it is timestamped
-
- Closed
-