Menu
picture of tbs certificates
picture of tbs certificates
Certificates
Our products range
Partners
Support
Focus


20230929 - Old roots deprecation by Microsoft

At the end of August 2023, some applications suddenly stopped working on Windows. These latter had in common that they had been signed by code signing certificates chained with old Symantec roots.

The cause ? Without warning, Microsoft would have depreciated old roots of its trust program, impacting dozens of signatures.

What happened ?

Microsoft did not communicate on the incident, however it appeared that certain old roots had been assigned a "notBefore" date making them de facto invalid.

Applications signed by code signing certificates chained to these roots, whether they have been timestamped or not, have then been rejected by Windows.

Troubleshooting

Whether it was an error or a deliberate decision by Microsoft, the firm quickly reversed course and resolved the problem in the days that followed.

Steps to take

It is a safe bet that Microsoft has only postponed the depreciation of a set of old roots and that, in the more or less near future, a similar problem will arise.

Our advice is therefore to re-sign all your applications that were signed before 2018 with a Thawte, Geotrust, Symantec or VeriSign certificate.