everything working even with expired code signing cert

The public knowledge pool and discussion forum of the OWS community. Do not post confidential information here!
gkatz
Posts: 4
Joined: 22 Nov 2023, 13:32

everything working even with expired code signing cert

Post by gkatz »

hi all; using ows with eclipse tumerin 17and a code signing cert that expired 12 days ago...

my builds continue as usual and even though the jar signing logs now say the cert is expired, the build and jar signing passes and the JNLP file can be launched with no issues, no prompts or anything. everythinkg seems to magically keep on working. its like no one cares that the code signing cert has expired

can someone explain this? i would expect the build to fail and/or the browser/ows runtime to reject the jar downloading due to the fact they arent signed with a valid cert... i am confused. any comments would be appreciated. thanks.

here is a log output from jar signing of a single jar (there are more like this):
[signjar] The signer certificate expired on 2024-03-09. However, the JAR will be valid until the timestamp expires on 2031-11-10.
[signjar] jar signed.

Janak Mulani
Posts: 817
Joined: 24 Mar 2020, 13:37

Re: everything working even with expired code signing cert

Post by Janak Mulani »

OWS is not responsible for the build and jar signing.

OWS checks the jar signing only after downloading the jar.

If a jar has problematic certificate such as expired/expiring/invalid certificate you will see a log entry:" Jar found at <path to jar in the cache> has been verified as SIGNED_NOT_OK"

gkatz
Posts: 4
Joined: 22 Nov 2023, 13:32

Re: everything working even with expired code signing cert

Post by gkatz »

oh ok so only logs from OWS will show this? it will not halt the application or not laynch it?

Post Reply