Expiring codesigning certificate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-07-2023 08:13 AM
Greetings everyone. I have a problem that I cannot seem to find a solution for. I have a certificate (code_signing_key_rome_publiccodedesignver) that is expiring soon. We are on San Diego and there is a code_signing_key for SanDiego as well. I am not sure I need to renew the Rome cert. Also, there is no renewal option and it is expiring in both my prod and dev environments. Do I just request a new cert or will it auto renew. I have searched through the community and the docs and can't seem to find anyting on the code signing certs. Theres plenty of info on SSO, LDAP, etc, but nothing about renewing of this certificate. Can anyone assist me with learning this?
Thank you!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-13-2023 11:17 AM
Received the exact same response from support a few minutes ago.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-21-2023 08:07 AM
We opened a ticket with ServiceNow and got different, conflicting advice. We're following up with a new ticket with a link to this discussion to see if we a matching response.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-21-2023 08:28 AM
Definitely get a second option. Especially since they are telling us and others this is something that is handled by them internally (which makes perfect sense), and updated each time you upgrade to a new version. The cert we were getting notifications on that was expiring for us is for Rome and we are on San Diego. Our San Diego 509 doesn't expire until later this year. Of course we will be upgrading before that cert expires. What was the response they gave you?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-21-2023 10:37 AM
2 things....
1. Thanks to chris-ind for the helpful post that clarifies the issue for us.
2. The response to our second ticket with ServiceNow is almost word for word identical with the response posted by chris-ind.
Special Note: I checked the setting for the system property "com.snc.kmf.signature.validation.flag" and it is false. So that means that we don't even have the feature that is protected by this cert. So we plan to ignore this one too.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-02-2023 10:33 AM
Hi all,
Realizing this is an older thread, I've been investigating this same certificate in our environment. We don't have the property set to true, but I've noticed a bunch (eg hundreds a day) of system log errors related to the Signing Keystore (eg "Signing Keystore is empty: no thrown error" and "Signing Keystore is empty: com.snc.platform.security.oauth.jwt.JWTException") that have previously been related to expired certificates. I'm inclined to think that we have to deactivate the code_signing_key_rome_publiccodesignver certificate in order to get those errors to stop. Wondered if anyone of y'all had seen/done the same thing?
Thanks!
-Chuck
