Does IE raises error if the code sign expires?

Question

We have a full trust XBAP code written with .Net Framework 4.0 signed with a certificate from Versign which expires on October 24, 2014. It is not time-stamped. I am wondering what would happen when the code sign expires. I have researched through internet the answer seems to be both yes and no. Some say the application is OK since when it is signed, the certificate was valid and others seems to say it is flagged as untrusted and IE will raise error or some kind of popup message. We did purchase a new certificate and signed with it, which is to be delivered to the customers. But, I do not know what I should tell our customers what will happen when if they don't use the application with the new code sign.

Do you guys have any idea? If any error is raised, what kind of error is shown?

Thanks.

Answer 1

I realized this is old post, but if you have a signed XBAP with .Net Framework 4.0, then it shows a error message box, but you can click run and then you can run the application if the certificate is valid when the application is signed.

Answer 2

Proper certificate validation should match current time and certificate validity time (see my answer for details). In other words the certificate must be valid at the moment of signature validation. If there's a timestamp included, then the certificate must be valid at the moment of timestamping (and timestamping certificate must be valid at the moment of signature validation).

So I assume that IE should report that the certificate is no longer valid, and maybe not run the code at all.