I am not a certificate expert, so this may be a simple question.
We have purchased, for the past few years, Class 3 code signing certificates from Verisign. These expire every year, and we have to then acquire a new certificate, individually open, resign and republish all previously signed apps (usually Excel workbooks). This is a major hassle as we have a lot of signed apps.
Recently, we decided to use MS Certificate Server to sign our code as all of the apps reside within our intranet (we are not developing commercial software). Our Operations team has created a key that can be used, but we still have this one year expiry date issue, and they have quoted the following:
For certificates that are issued by Enterprise CAs, the validity period is hard-coded in the template that is used to create the certificate. Windows 2000 and Windows Server 2003 do not support modification of these templates. The template validity period is applied to all certificates that are issued by an Enterprise CA. There is no exception for the subordinate CA certificate templates. A certificate that is issued by a CA is valid for the maximum of the following periods of time:
Am I missing something here Having to resign and redeploy everything every year is a painful excercise, there must be an easier way to either extend the life of the key, or renew it without resigning/redeploying.
Any help with this is greatly appreciated.
Microsoft ISV Community Center Forums1