I have a Java Applet (for a browser) signed and timestamped with a valid Code Signing Certificate from GoDaddy. The code signing certificate itself expires in a few weeks. Everything I’ve read says that the applet will still be valid after the Code Signing Certificate expires:
From here:
If a timestamp is discovered, then the code signature is valid until the end of time, as long as the code remains unchanged
I would like to verify this is actually true though. If I change my computer’s clock settings to a later date, past when the certificate expires, I get the following Java Exception in IE, Firefox and Chrome:
java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Response is unreliable: its validity interval is out-of-date
Does this mean that the applet will actually fail in a few weeks when the Code Signing Certificate expires, or is this test of changing my computer clock just invalid? Any references either way?
Advertisement
Answer
The code Signing Certificate has expired several months ago now, and I can confirm everything is still working fine. The Java popup that comes up (the first time visiting the site) says: “The web site’s certificate has been verified.”
Changing the local timestamp wasn’t a valid test of this after all.