Highlighted
Absent Member.
Absent Member.
1291 views

OES Client 2SP4 IR8a Certificate

I am building a ZENworks Bundle for "Client for Open Enterprise Server 2SP4 (IR8a)"

and noticed that the certificate used to sign the "Client_for_Open_Enterprise_Server_2_SP4_IR8a.exe" is only valid until 2018-08-01!

I usually install the Certificate with the bundle in order to avoid the Certificate warning during installation.

What happens AFTER 2018-08-01?
Will the client/bundle still install SILENTLY?
Will Novell / Microfocus issue a new Client with new certificate signature soon - possibly 8b?

THIS IS JUST 2 MONTH from NOW

Klaus
Labels (1)
0 Likes
3 Replies
Highlighted
Micro Focus Expert
Micro Focus Expert

BachmannK <BachmannK@no-mx.forums.microfocus.com> wrote:

> What happens AFTER 2018-08-01?
> Will the client/bundle still install SILENTLY?


Yes, Windows will continue to recognize that the Client for Open
Enterprise Server is validly signed, and will continue to recognize
that you have already imported this certificate as a "Trusted
Publisher", even after August 2018.

The reason is because of the time stamp signature that is present on
the Client for Open Enterprise Server product files, in addition to
the actual Micro Focus & Microsoft signatures. The time stamp
signature proves "when was this product signed", and Windows'
signature validation process checks to make sure the certificate was
valid /during that time period/, even if the certificate used during
that signing process has subsequently expired.

Also described in documentation at "Section 2.6.3, Effects of the
Novell, Inc. Certificate Expiration".
https://www.novell.com/documentation/windows_client/windows_client_admin/data/bqgnrgi.html#bqgo3fi

Alan Adams
Client for Open Enterprise Server
Micro Focus
alan.adams@microfocus.com
0 Likes
Highlighted
Absent Member.
Absent Member.

Thanks for clarification.

And I assume I can import the outdated certificate silently even after the expiration date.

Klaus
0 Likes
Micro Focus Expert
Micro Focus Expert

BachmannK <BachmannK@no-mx.forums.microfocus.com> wrote:

> And I assume I can import the outdated certificate silently even after
> the expiration date.


Correct. For example if you had some reason you wanted to begin
silently installing a client product that was shipped back in 2013,
the correct certificate to import & that Windows will need to see as
part of the Trusted Publishers list will be the long-expired
certificate that was in use back in 2013. Not a "current certificate"
or "more up-to-date certificate."

Alan Adams
Client for Open Enterprise Server
Micro Focus
alan.adams@microfocus.com
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.