ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

What is the Relationship between Certificate Expiration and Webstart Workstation operation?

book

Article ID: 13263

calendar_today

Updated On:

Products

CA Application Performance Management Agent (APM / Wily / Introscope) INTROSCOPE

Issue/Introduction

 APM 10.5.1 Webstart Workstation uses the same certificate to sign the code like all previous APM 10.x releases:

 The certificate used by CA Introscope Workstation 10.5.1.6 is:

Validity period [From: Tue Mar 10 01:00:00 CET 2015, To: Sat Mar 10 00:59:59 CET 2018]

 



Will the Certificate Expiration of WebStart Workstation cause any problems?

 

Environment

APM 10.5WindowsLinux

Resolution

No, it will not cause any problem launching the client.

The reason why:

The signing certificate expiration does not determine the validity of the signature if a timestamp is included with the signature.
The signing certificate can expire but the signature will be trusted until the timestamp certificate expires.
The timestamp signing certificate APM uses won’t expire before Apr 12 01:59:59 CEST 2027.

 

Additional Information

https://www.symantec.com/page.jsp%3Fid%3Dcode-signing-information-center states the following:

How long does a digital signature last?
Every code signing certificate is purchased with a specific validity period. The digital certificate can be used to sign code as frequently as needed during that validity period. When the digital certificate expires, all digital signatures that depend on that digital certificate expire also unless the signature includes a timestamp. A timestamp option shows when code was signed, allowing customers to verify that the code signing certificate was valid at the time of the digital signature.