Hardware Compatibility Publisher certificate expired

Mark_Holiday · July 24, 2023, 7:17pm

We have a driver package that was successfully Attestation-signed in October of last year. I noticed that the issued certificate was valid from 6/7/2022 to 6/1/2023. However, the driver package still installs on systems, seemingly without issue (although we have installed on only a small sample of systems, probably < 10).

I am wondering what determines the valid dates for that certificate from Microsoft Windows Hardware Compatibility Publisher, and what is the real ramification of those “valid dates”?
Do we need to obtain a new EV cert and resubmit the driver package for re-signing?

Mark_Roddy · July 24, 2023, 9:02pm

The timestamp on the signed object allows it to be installed regardless of the expiration date of the cert, as long as the timestamp indicates that the object was signed while the cert was valid.

Tim_Roberts · July 25, 2023, 1:41am

Yes. I’m just answering a question on another site from someone where the vendor apparently did NOT use a timestamp when signing the package, and now that their certificate has expired, the package is useless. That’s negligent.