在我们的应用程序中,我们有JAR文件,这些文件由提供的代码签名证书签名。此代码是使用8月5日到期的证书签署的。
但是,在证书过期之前很久就签署了时间戳,因此如果可以验证TSA(时间戳授权),则应该继续正常运行。证书过期后代码无法运行,这是不可能的。
以下是我们的一位客户的java跟踪摘录。
security: The certificate has been expired, need to check timestamping info
security: Timestamping info is available
security: The certificate has been expired, need to check timestamping info
security: The certificate has expired, and it timestamped in valid period
security: Start checking TSA certificate path
security: PKIX path validation failed:java.security.cert.CertPathValidatorException: timestamp check failed
你们有什么想法?