Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-7166299

Java Web Start Does Not Fully Support Certificate Time-Stamped Jars

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: P4 P4
    • None
    • 7
    • deploy
    • x86
    • windows_7

      FULL PRODUCT VERSION :


      A DESCRIPTION OF THE PROBLEM :
      I have a Java Web Start Application, and the Jar files are digitally signed. During the digital signing process, I also time-stamp the jar files.

      As I understand, the purpose of time-stamping code is to ensure that the certificate stays valid past its expiration date -- the certificate will stay valid indefinitely as long as the code was time-stamped before the digital certificate expired.

      However, when I tested the time-stamping, the certificate only stayed valid a few months after its expiration date.

      I tried using the comodo time-stamp server (http://timestamp.comodoca.com/rfc3161), and the certificate stayed valid only for 72 days after the certificate expired.

      I also tried using the GoDaddy timestamp server, http://tsa.starfieldtech.com. There was some improvement, but the certificate stayed valid for about a year after its expiration date.


      REPRODUCIBILITY :
      This bug can be reproduced always.

            herrick Andy Herrick (Inactive)
            webbuggrp Webbug Group
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved:
              Imported:
              Indexed: