Hello,
While testing our application for Microsoft Certification we noticed that the Authenticode signature for Aspose.Slides.dll for the current .NET version (4.3) is not valid.
The certificate that was used to sign the file has expired on 2010-08-15 and the signature does not contain a timestamp that would enable verifying that the file was signed while the certificate was valid.
Could we get a new file that has a valid Authenticode signature?
Dear Olli,
I have shared the intermediate version of Aspose.Slides for .NET 4.3.3. You may please use this as its assembly is created is signed with new certificate valid till 2013. You may also try using product version Aspose.Slides for .NET 4.3.0, which is available for download from here.
Thanks and Regards,
Thanks for quick reply.
Based on the information on your web site I do not believe that the 4.3.0 installer there has been updated, but rather does have the same content as we are already using.
I noticed that the intermediate version you provided is also signed without a time stamp. This creates the same situation down the road where the signature comes invalid when the certificate expires. This might be problematic for some of our customers as they have very strict security policies in place which prevent use of modules which do not have a valid Authenticode signature. This in effect means that application(s) utilizing Aspose.Slides for .NET “breaks” for no apparent reason at some point in the future. Keeping track of various certificate expiration dates and forcing customers to upgrade is not desirable.
If did the Authenticode signing with a timestamp this won’t occur as it’s then possible to determine that the certificate was valid at the time the module was signed.
Could you use timestamped Authenticode signing in future releases in order to avoid this issue?
Dear Olli,
I have discussed the issue with our development team. Acccording to them, the time stamping worked automatically with old certificate but not with the new one. It will be time stamped manually in the upcoming release, which is hopefully scheduled, this weekend.
Thanks and Regards,