{"id":2895,"date":"2019-05-17T23:07:22","date_gmt":"2019-05-17T23:07:22","guid":{"rendered":"https:\/\/www.thesslstore.com\/knowledgebase\/?post_type=ht_kb&#038;p=2895"},"modified":"2019-05-17T23:07:23","modified_gmt":"2019-05-17T23:07:23","slug":"sectigo-formerly-comodo-time-stamping-service-expiration-what-to-know-and-what-to-do","status":"publish","type":"ht_kb","link":"https:\/\/www.thesslstore.com\/knowledgebase\/code-signing-time-stamping\/sectigo-formerly-comodo-time-stamping-service-expiration-what-to-know-and-what-to-do\/","title":{"rendered":"Sectigo (formerly Comodo) Time Stamping Service Expiration \u2013 What to Know and What to Do"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\"><em>If you use your Comodo\nCode Signing Certificate to sign Java code, please read this article carefully.\n(If you don\u2019t sign Java code with your certificate, you can ignore this\narticle.)<\/em><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">On Wednesday, May 8<sup>th<\/sup> 2019 we received a\nnotification from Sectigo (formerly Comodo CA) that one of their <strong>timestamping<\/strong> certificates that work in\nconjunction with Code Signing Certificates will be <strong>expiring<\/strong> on July 9<sup>th<\/sup>, 2019. Java code signed with the\nComodo\/Sectigo time stamping service at timestamp.comodo.com may be affected if\nit is signed with the time stamping certificate that expires on July 9, 2019.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This expiration is a regular, anticipated occurrence, and\nthis Article outlines the steps you\u2019ll need to take to avoid any interruption\nin service.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Code Signing and\nTimestamping<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Not all software distributors who sign code choose to\ntimestamp it, so the expiration of this certificate will only impact those who\nhave <strong>timestamped<\/strong> their signed code. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Timestamping paired with code signing establishes a point in\ntime in which an object (such as a software executable) existed, was signed by\na certificate which was valid at the time, and has not been changed since that\ntime. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In Java, the application checks the validity of <strong>both<\/strong> the code signing and timestamping certificates. As long as one of the two is still valid, the signed application will be trusted. Timestamped code will remain trusted long after the code signing certificate used to sign it has expired, because timestamping certificates have a much longer lifespan than code signing certificates. But timestamping certificates do still <strong>expire<\/strong>, which is what is happening here. <\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"306\" height=\"252\" src=\"https:\/\/www.thesslstore.com\/knowledgebase\/wp-content\/uploads\/2019\/05\/punnet-square-2.png\" alt=\"\" class=\"wp-image-2904\" srcset=\"https:\/\/www.thesslstore.com\/knowledgebase\/wp-content\/uploads\/2019\/05\/punnet-square-2.png 306w, https:\/\/www.thesslstore.com\/knowledgebase\/wp-content\/uploads\/2019\/05\/punnet-square-2-300x247.png 300w, https:\/\/www.thesslstore.com\/knowledgebase\/wp-content\/uploads\/2019\/05\/punnet-square-2-50x41.png 50w, https:\/\/www.thesslstore.com\/knowledgebase\/wp-content\/uploads\/2019\/05\/punnet-square-2-60x49.png 60w, https:\/\/www.thesslstore.com\/knowledgebase\/wp-content\/uploads\/2019\/05\/punnet-square-2-35x29.png 35w\" sizes=\"auto, (max-width: 306px) 100vw, 306px\" \/><\/figure><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">The timestamping certificate that is expiring on July 9<sup>th<\/sup> 2019 is associated with <strong>timestamp.comodoca.com<\/strong>. As of March 4<sup>th<\/sup>, 2019, it was replaced with the new certificate <strong>timestamp.sectigo.com<\/strong>. Any code timestamped after March 4<sup>th<\/sup>, 2019 will have this new certificate and no action needs to be taken on them.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>How to determine\nif you\u2019re impacted<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Java<\/strong> is the only\nplatform that will be impacted by this certificate expiration. If you are using\nWindows or other applications to sign your code, you are not impacted by this\nexpiration. <strong>Any<\/strong> code signing\ncertificate issued by Sectigo (Comodo) before March 4<sup>th<\/sup>, 2019\n(including EV certificates) can be affected by this expiration if they\u2019re being\nused in a Java environment. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">You can refer to the flow chart below to easily determine of\nyou need to take any action before the expiration. <\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"842\" src=\"https:\/\/www.thesslstore.com\/knowledgebase\/wp-content\/uploads\/2019\/05\/Sectigo-Timestamp-Expiration-Chart-1-1024x842.png\" alt=\"\" class=\"wp-image-2897\" srcset=\"https:\/\/www.thesslstore.com\/knowledgebase\/wp-content\/uploads\/2019\/05\/Sectigo-Timestamp-Expiration-Chart-1-1024x842.png 1024w, https:\/\/www.thesslstore.com\/knowledgebase\/wp-content\/uploads\/2019\/05\/Sectigo-Timestamp-Expiration-Chart-1-300x247.png 300w, https:\/\/www.thesslstore.com\/knowledgebase\/wp-content\/uploads\/2019\/05\/Sectigo-Timestamp-Expiration-Chart-1-768x631.png 768w, https:\/\/www.thesslstore.com\/knowledgebase\/wp-content\/uploads\/2019\/05\/Sectigo-Timestamp-Expiration-Chart-1-50x41.png 50w, https:\/\/www.thesslstore.com\/knowledgebase\/wp-content\/uploads\/2019\/05\/Sectigo-Timestamp-Expiration-Chart-1-60x49.png 60w, https:\/\/www.thesslstore.com\/knowledgebase\/wp-content\/uploads\/2019\/05\/Sectigo-Timestamp-Expiration-Chart-1-35x29.png 35w, https:\/\/www.thesslstore.com\/knowledgebase\/wp-content\/uploads\/2019\/05\/Sectigo-Timestamp-Expiration-Chart-1.png 1321w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">You can check the status of both\ncertificates (time stamping and code signing) by running the following <strong>command<\/strong>:<br>\n<code>C:\\&gt;\"\\Program Files\\Java\\jdk-12.0.1\\bin\\jarsigner.exe\"\n-verify my_file.jar<\/code><br>\n<br>\nThe output for that command should look\nsomething like this:<br>\n<br>\n<code>jar verified.<\/code><br>\n<code>Warning:<\/code><br>\n<code>The timestamp will expire within one year on 2019-07-09.\nHowever, the JAR will be valid until the signer certificate expires on\n2020-05-30.<\/code><br>\n<code>Re-run with the -verbose and -certs options for more\ndetails.<\/code><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">As long as the output message includes \u201cjar verified,\u201d the\napplication is currently running without issue. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In the example above, the timestamp being used is the one\nthat will be expiring (2019-07-09), but the code signing certificate itself\ndoesn\u2019t expire until May 30<sup>th<\/sup>, 2020. In the above case, this code\nwould <strong>still be trusted<\/strong> and will just\nneed to be re-signed any time before the actual code signing certificate expires.\n<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>FAQ<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Q: Why is this happening?<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>A<\/strong>: A timestamping\ncertificate used with Sectigo (Comodo) code signing certificates expires on\nJuly 9, 2019. This is a regular anticipated occurrence as timestamping\ncertificates have a longer lifespan than code signing certificates, but they do\nstill have an end-of-life date. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Q: How do I know if I\u2019m affected?<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>A<\/strong>: Refer to our\nhandy flow-chart above. Only signed applications meeting the following criteria\nare affected:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>The application is signed in Java.<\/li><li>The application was signed AND timestamped.<\/li><li>The application has a timestamp from\ntimestamp.comodoca.com.<\/li><li>The time stamp was signed by a certificate that expires\non July 9, 2019.<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Q: Ok, I\u2019m affected, what do I do?<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>A<\/strong>: If your code\nsigning certificate is not expired yet, just re-sign your code any time before\nit expires. If you\u2019re code signing certificate is already expired, renew or\nreplace it and re-sign your code.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Q: What will happen if I don\u2019t re-sign my code in time?<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>A<\/strong>: Users or\nprocesses using your application may experience issues after July 9<sup>th<\/sup>,\n2019<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you use your Comodo Code Signing Certificate to sign Java code, please read this article carefully. (If you don\u2019t sign Java code with your certificate, you can ignore this article.) On Wednesday, May 8th 2019 we received a notification from Sectigo (formerly Comodo CA) that one of their timestamping&#8230;<\/p>\n","protected":false},"author":1,"comment_status":"closed","ping_status":"closed","template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"ht-kb-category":[30],"ht-kb-tag":[],"class_list":["post-2895","ht_kb","type-ht_kb","status-publish","format-standard","hentry","ht_kb_category-code-signing-time-stamping"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Sectigo (formerly Comodo) Time Stamping Service Expiration \u2013 What to Know and What to Do - Knowledge Base<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.thesslstore.com\/knowledgebase\/code-signing-time-stamping\/sectigo-formerly-comodo-time-stamping-service-expiration-what-to-know-and-what-to-do\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Sectigo (formerly Comodo) Time Stamping Service Expiration \u2013 What to Know and What to Do - Knowledge Base\" \/>\n<meta property=\"og:description\" content=\"If you use your Comodo Code Signing Certificate to sign Java code, please read this article carefully. (If you don\u2019t sign Java code with your certificate, you can ignore this article.) On Wednesday, May 8th 2019 we received a notification from Sectigo (formerly Comodo CA) that one of their timestamping...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.thesslstore.com\/knowledgebase\/code-signing-time-stamping\/sectigo-formerly-comodo-time-stamping-service-expiration-what-to-know-and-what-to-do\/\" \/>\n<meta property=\"og:site_name\" content=\"Knowledge Base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/thesslstoredotcom\" \/>\n<meta property=\"article:modified_time\" content=\"2019-05-17T23:07:23+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.thesslstore.com\/knowledgebase\/wp-content\/uploads\/2019\/05\/punnet-square-2.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@thesslstore\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Sectigo (formerly Comodo) Time Stamping Service Expiration \u2013 What to Know and What to Do - Knowledge Base","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.thesslstore.com\/knowledgebase\/code-signing-time-stamping\/sectigo-formerly-comodo-time-stamping-service-expiration-what-to-know-and-what-to-do\/","og_locale":"en_US","og_type":"article","og_title":"Sectigo (formerly Comodo) Time Stamping Service Expiration \u2013 What to Know and What to Do - Knowledge Base","og_description":"If you use your Comodo Code Signing Certificate to sign Java code, please read this article carefully. (If you don\u2019t sign Java code with your certificate, you can ignore this article.) On Wednesday, May 8th 2019 we received a notification from Sectigo (formerly Comodo CA) that one of their timestamping...","og_url":"https:\/\/www.thesslstore.com\/knowledgebase\/code-signing-time-stamping\/sectigo-formerly-comodo-time-stamping-service-expiration-what-to-know-and-what-to-do\/","og_site_name":"Knowledge Base","article_publisher":"https:\/\/www.facebook.com\/thesslstoredotcom","article_modified_time":"2019-05-17T23:07:23+00:00","og_image":[{"url":"https:\/\/www.thesslstore.com\/knowledgebase\/wp-content\/uploads\/2019\/05\/punnet-square-2.png","type":"","width":"","height":""}],"twitter_card":"summary_large_image","twitter_site":"@thesslstore","twitter_misc":{"Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.thesslstore.com\/knowledgebase\/code-signing-time-stamping\/sectigo-formerly-comodo-time-stamping-service-expiration-what-to-know-and-what-to-do\/","url":"https:\/\/www.thesslstore.com\/knowledgebase\/code-signing-time-stamping\/sectigo-formerly-comodo-time-stamping-service-expiration-what-to-know-and-what-to-do\/","name":"Sectigo (formerly Comodo) Time Stamping Service Expiration \u2013 What to Know and What to Do - Knowledge Base","isPartOf":{"@id":"https:\/\/www.thesslstore.com\/knowledgebase\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.thesslstore.com\/knowledgebase\/code-signing-time-stamping\/sectigo-formerly-comodo-time-stamping-service-expiration-what-to-know-and-what-to-do\/#primaryimage"},"image":{"@id":"https:\/\/www.thesslstore.com\/knowledgebase\/code-signing-time-stamping\/sectigo-formerly-comodo-time-stamping-service-expiration-what-to-know-and-what-to-do\/#primaryimage"},"thumbnailUrl":"https:\/\/www.thesslstore.com\/knowledgebase\/wp-content\/uploads\/2019\/05\/punnet-square-2.png","datePublished":"2019-05-17T23:07:22+00:00","dateModified":"2019-05-17T23:07:23+00:00","breadcrumb":{"@id":"https:\/\/www.thesslstore.com\/knowledgebase\/code-signing-time-stamping\/sectigo-formerly-comodo-time-stamping-service-expiration-what-to-know-and-what-to-do\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.thesslstore.com\/knowledgebase\/code-signing-time-stamping\/sectigo-formerly-comodo-time-stamping-service-expiration-what-to-know-and-what-to-do\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.thesslstore.com\/knowledgebase\/code-signing-time-stamping\/sectigo-formerly-comodo-time-stamping-service-expiration-what-to-know-and-what-to-do\/#primaryimage","url":"https:\/\/www.thesslstore.com\/knowledgebase\/wp-content\/uploads\/2019\/05\/punnet-square-2.png","contentUrl":"https:\/\/www.thesslstore.com\/knowledgebase\/wp-content\/uploads\/2019\/05\/punnet-square-2.png","width":306,"height":252},{"@type":"BreadcrumbList","@id":"https:\/\/www.thesslstore.com\/knowledgebase\/code-signing-time-stamping\/sectigo-formerly-comodo-time-stamping-service-expiration-what-to-know-and-what-to-do\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.thesslstore.com\/knowledgebase\/"},{"@type":"ListItem","position":2,"name":"Sectigo (formerly Comodo) Time Stamping Service Expiration \u2013 What to Know and What to Do"}]},{"@type":"WebSite","@id":"https:\/\/www.thesslstore.com\/knowledgebase\/#website","url":"https:\/\/www.thesslstore.com\/knowledgebase\/","name":"Knowledge Base","description":"TheSSLstore","publisher":{"@id":"https:\/\/www.thesslstore.com\/knowledgebase\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.thesslstore.com\/knowledgebase\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.thesslstore.com\/knowledgebase\/#organization","name":"The SSL Store\u2122","url":"https:\/\/www.thesslstore.com\/knowledgebase\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.thesslstore.com\/knowledgebase\/#\/schema\/logo\/image\/","url":"https:\/\/www.thesslstore.com\/knowledgebase\/wp-content\/uploads\/2017\/04\/thesslstore.jpg","contentUrl":"https:\/\/www.thesslstore.com\/knowledgebase\/wp-content\/uploads\/2017\/04\/thesslstore.jpg","width":300,"height":300,"caption":"The SSL Store\u2122"},"image":{"@id":"https:\/\/www.thesslstore.com\/knowledgebase\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/thesslstoredotcom","https:\/\/x.com\/thesslstore","https:\/\/www.linkedin.com\/company\/the-ssl-store","https:\/\/www.youtube.com\/user\/thesslstore"]}]}},"_links":{"self":[{"href":"https:\/\/www.thesslstore.com\/knowledgebase\/wp-json\/wp\/v2\/ht-kb\/2895","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thesslstore.com\/knowledgebase\/wp-json\/wp\/v2\/ht-kb"}],"about":[{"href":"https:\/\/www.thesslstore.com\/knowledgebase\/wp-json\/wp\/v2\/types\/ht_kb"}],"author":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/knowledgebase\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/knowledgebase\/wp-json\/wp\/v2\/comments?post=2895"}],"version-history":[{"count":0,"href":"https:\/\/www.thesslstore.com\/knowledgebase\/wp-json\/wp\/v2\/ht-kb\/2895\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.thesslstore.com\/knowledgebase\/wp-json\/wp\/v2\/media?parent=2895"}],"wp:term":[{"taxonomy":"ht_kb_category","embeddable":true,"href":"https:\/\/www.thesslstore.com\/knowledgebase\/wp-json\/wp\/v2\/ht-kb-category?post=2895"},{"taxonomy":"ht_kb_tag","embeddable":true,"href":"https:\/\/www.thesslstore.com\/knowledgebase\/wp-json\/wp\/v2\/ht-kb-tag?post=2895"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}