Jump to content

Archived

This topic is now archived and is closed to further replies.

Johuan

Certificate Question

Recommended Posts

Hello! I am a bit paranoid and also not very tech savvy so i would please need your advise. I downloaded the ESET Internet Security installer from your website and i saw that the sha256 certificate had an expire date of 06 May of 2019. Could you please tell me what that means? Is it safe to install the .exe file or does it need update? Thanks and sorry if the question is silly.

Share this post


Link to post
Share on other sites
3 hours ago, Johuan said:

i saw that the sha256 certificate had an expire date of 06 May of 2019.

That is a bit odd. Mine has an expiration date of 12/12/2028.

Share this post


Link to post
Share on other sites

The countersignature method of time stamping allows for signatures to be verified even after the signing certificate has expired or been revoked. The time stamp allows the verifier to reliably know the time that the signature was affixed and thereby trust the signature if it was valid at that time.  Therefore you can disregard the SHA1 and SHA256 signatures.

 

Share this post


Link to post
Share on other sites

Hello, Marcos. Johuan says his .exe has a signature with an expiration date of 06 May of 2019 but itman has expiration date of 12 December 2028. Can you please confirm witch is the right one? P.S. I know both are valid but curious why they  are different. I just downloaded and says 06/05 /19 in the sha256.

Share this post


Link to post
Share on other sites
23 minutes ago, Martin223 said:

Hello, Marcos. Johuan says his .exe has a signature with an expiration date of 06 May of 2019 but itman has expiration date of 12 December 2028. Can you please confirm witch is the right one? P.S. I know both are valid but curious why they  are different. I just downloaded and says 06/05 /19 in the sha256.

I don't know what executables they checked but it doesn't matter. What matters is the presence of a countersignature which ensures that the certificate was valid at the time of signing the installer:

image.png

Share this post


Link to post
Share on other sites

I didn't realize the OP was referring to the cert. for the Eset Installer download.

I don't have a downloaded copy of the current installer, but will show a screen shot of the Eset cert. use to sign ekrn.exe. As @Marcos posted, as long as the it shows that the cert. is valid on the download .exe, there is nothing to be concerned about:

ekrn_cert.thumb.png.1887de496b018728c071b1b76ac04d2e.png

 

Share this post


Link to post
Share on other sites
8 minutes ago, itman said:

as long as the it shows that the cert. is valid on the download .exe, there is nothing to be concerned about

I would correct this - as long as there is a timestamp (countersignature), the digital signature remains valid if the certificates used to sign the file already expired.

Share this post


Link to post
Share on other sites
2 minutes ago, Marcos said:

as long as there is a timestamp (countersignature), the digital signature remains valid if the certificates used to sign the file already expired.

If its not countersigned, the cert. will show as expired as is my understanding.

Share this post


Link to post
Share on other sites

Also as I again understand it on Win 10, an app with an expired cert. will be flagged by UAC:

Quote

On the other hand you might find yourself in a perfectly valid situation where you’ve downloaded the drivers for a file directly from the manufacturer website and they simply won’t run properly on Windows 10 because of technical (but not malicious) problems like an expired or improperly applied certificate

https://www.howtogeek.com/230063/how-to-circumvent-this-app-has-been-blocked-for-your-protection-to-install-apps-in-windows-10/

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...