Jump to content
Johuan

Certificate Question

Recommended Posts

Hello! I am a bit paranoid and also not very tech savvy so i would please need your advise. I downloaded the ESET Internet Security installer from your website and i saw that the sha256 certificate had an expire date of 06 May of 2019. Could you please tell me what that means? Is it safe to install the .exe file or does it need update? Thanks and sorry if the question is silly.

Share this post


Link to post
Share on other sites
3 hours ago, Johuan said:

i saw that the sha256 certificate had an expire date of 06 May of 2019.

That is a bit odd. Mine has an expiration date of 12/12/2028.

Share this post


Link to post
Share on other sites

The countersignature method of time stamping allows for signatures to be verified even after the signing certificate has expired or been revoked. The time stamp allows the verifier to reliably know the time that the signature was affixed and thereby trust the signature if it was valid at that time.  Therefore you can disregard the SHA1 and SHA256 signatures.

 

Share this post


Link to post
Share on other sites

Hello, Marcos. Johuan says his .exe has a signature with an expiration date of 06 May of 2019 but itman has expiration date of 12 December 2028. Can you please confirm witch is the right one? P.S. I know both are valid but curious why they  are different. I just downloaded and says 06/05 /19 in the sha256.

Edited by Martin223

Share this post


Link to post
Share on other sites
23 minutes ago, Martin223 said:

Hello, Marcos. Johuan says his .exe has a signature with an expiration date of 06 May of 2019 but itman has expiration date of 12 December 2028. Can you please confirm witch is the right one? P.S. I know both are valid but curious why they  are different. I just downloaded and says 06/05 /19 in the sha256.

I don't know what executables they checked but it doesn't matter. What matters is the presence of a countersignature which ensures that the certificate was valid at the time of signing the installer:

image.png

Share this post


Link to post
Share on other sites

I didn't realize the OP was referring to the cert. for the Eset Installer download.

I don't have a downloaded copy of the current installer, but will show a screen shot of the Eset cert. use to sign ekrn.exe. As @Marcos posted, as long as the it shows that the cert. is valid on the download .exe, there is nothing to be concerned about:

ekrn_cert.thumb.png.1887de496b018728c071b1b76ac04d2e.png

 

Edited by itman

Share this post


Link to post
Share on other sites
8 minutes ago, itman said:

as long as the it shows that the cert. is valid on the download .exe, there is nothing to be concerned about

I would correct this - as long as there is a timestamp (countersignature), the digital signature remains valid if the certificates used to sign the file already expired.

Share this post


Link to post
Share on other sites
2 minutes ago, Marcos said:

as long as there is a timestamp (countersignature), the digital signature remains valid if the certificates used to sign the file already expired.

If its not countersigned, the cert. will show as expired as is my understanding.

Share this post


Link to post
Share on other sites

Also as I again understand it on Win 10, an app with an expired cert. will be flagged by UAC:

Quote

On the other hand you might find yourself in a perfectly valid situation where you’ve downloaded the drivers for a file directly from the manufacturer website and they simply won’t run properly on Windows 10 because of technical (but not malicious) problems like an expired or improperly applied certificate

https://www.howtogeek.com/230063/how-to-circumvent-this-app-has-been-blocked-for-your-protection-to-install-apps-in-windows-10/

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...