Hello,
we have WebWasher installed in the corporate network. This blocks the download of the actual 7-zip file '7-ZipPortable_4.65_Rev_2.paf.exe' with the remark that the Microsoft Authenticode certificate has expired.
These certificates seem to last one year, the file on the server is from June 2009. Maybe thats the problem?
Could this be fixed?
TIA
Bye
Clemens
Software is signed all the time. And if you happen to sign with a certificate in July and it expires in August, you don't need to resign it in September. The certificate is still valid because it was signed during the time the certificate is valid. Windows and the authenticode system is purposely designed to work this way. If WebWasher doesn't, then that's a pretty huge bug in WebWasher that should be reported to them by their users.
Sometimes, the impossible can become possible, if you're awesome!
Hello John,
thanks for your answer. Maybe I'm wrong when interpreting the WebWasher page I receive. I paste the message here (it's german unfortunatly):
=======================================================
Ihre Anforderung, einen Download der URL http://ignum.dl.sourceforge.net/project/portableapps/7-Zip%20Portable/7-... durchzuführen, wurde durch einen Sicherheitsfilter von Webwasher geblockt.
Die Komponente, die die Blockierung ausgelöst hat, filtert Dateien, die mit Authenticode von Microsoft beglaubigt werden können.
Grund der Blockierung: certificate has expired (depth = 0)
Verletzung der Sicherheitsnorm in Datei: http://ignum.dl.sourceforge.net/project/portableapps/7-Zip%20Portable/7-...
Reputationsstufe: Neutral
=======================================================
It says something like: Your dowload request ... was blocked by the WebWasher security filter. The component that blocked the download checks files signed by Authenticode from Microsoft. Reason for blocking: certificate has expired (depth = 0). Security norm has been harmed by file: ... Reputation level: Neutral
Does this say something to you?
Bye
Clemens
That shows me that WebWasher definitely has an issue. The file was signed with a certificate that was valid from September 27, 2008 to September 28, 2009. The file itself was signed and timestamped on June 4, 2009 at 2:46:15pm EDT, which is during the time this certificate was valid. All of this information is contained in the file. Windows correctly interprets this as being validly signed and will show the standard warning on run (downloaded from the internet, signed by Rare Ideas, LLC, do you want to run it?). WebWasher is *incorrectly* telling you that the digital certificate is expired.
It doesn't matter whether a cert is expired or not. What matters is if the cert was valid at the time it was signed and timestamped (it was) and whether that cert has been revoked (it hasn't). So this is a huge issue on WebWasher's part and it should definitely be reported to them. Feel free to link to this thread and my explanations here.
Sometimes, the impossible can become possible, if you're awesome!