FAQ: Expired Code Signing Certificates

Will I still be able to sign code after my code signing certificate expires?

If you sign an installer, executable file, or other code with an expired code signing certificate, it will not be trusted by users’ operating systems. You should renew your code signing certificate with your certificate authority (CA) before it expires.

Will my old signed code become untrusted when my code signing certificate expires?

If you timestamp your code when you sign it, the code will be trusted after the certificate expires. If you do not timestamp your code, the digital signature will expire along with the certificate, and your code will no longer be trusted. Therefore, it’s a good idea to timestamp your code when you sign it. Please read Using Your Code Signing Certificate for information on how to timestamp your code when signing.

Will I have to rebuild my Microsoft SmartScreen reputation after I renew my code signing certificate?

The answer depends on the type of code signing certificate you have:

Extended Validation (EV) code signing certificates get an automatic SmartScreen reputation boost from Windows, so you should not get SmartScreen warnings after renewing an EV code signing certificate.

• If you have a standard Organization Validation (OV) and Individual Validation (IV) code signing certificate, you will likely need to go through a period of rebuilding the renewed certificate’s SmartScreen reputation before your code is widely trusted on Windows systems.

Subscribe to SSL.com’s Newsletter

Don’t miss new articles and updates from SSL.com

Stay Informed and Secure

SSL.com is a global leader in cybersecurity, PKI and digital certificates. Sign up to receive the latest industry news, tips, and product announcements from SSL.com.

We’d love your feedback

Take our survey and let us know your thoughts on your recent purchase.