Home → Troubleshooting → All Products: Other Issues → "The certificate has expired or is not yet valid."
Looking at the Trusted Publishers information in the Excel Trust Center, I see that our certificate has expired. When I click the View button, I get the message
The certificate has expired or is not yet valid.
How do I obtain a current certificate from Palisade?
There's no need.
All Palisade code is timestamped, meaning that a recognized certificate authority has validated that the code came from us at the time it was created. It doesn't matter to the end user if the certificate expires after that. The expired certificate can't be used to timestamp any new code, but code that was already timestamped while the certificate was in force continues to be valid.
Many articles that explain this can be found by searching "timestamped certificate" (without quotes) on the Web. Here is one, from Stack Overflow. Quote: "Timestamping involves a third party (usually your CA) attesting that you made the signature at a particular time. Regardless of when your certificate expires, somebody receiving the signed code can then verify that your certificate was valid at the time you signed it."
Microsoft's message "This certificate has expired or is not yet valid" is literally true but beside the point. You're not trying to sign code, which can't be done with an expired certificate; you're trying to use code that was signed with a valid certificate in force at the time of signing.
If you were simply exploring in Trust Center and found the expired certificate, there's no cause for alarm and you don't need to take any action. The Certificate Information screen from Excel doesn't make clear the distinction between signing new code and using existing signed code. The certificate needs to be in force when the code is signed, and it was. The certificate does not need to be in force when the signed code is used.
The latest certificate for Palisade is not shown in Trusted Publishers in Excel's Trust Center. Why not, and how can I view it? (I remember clicking Trust all from publisher when I first ran the software.)
There are several possible reasons. Excel sometimes doesn't show a later certificate when it has an earlier certificate for the same publisher. If you have the software installed in a trusted location (as listed in the trust center), Excel won't check the certificate. Or of course if you have macros set to Enable all macros, there's no need to check a certificate.
If Excel doesn't show you the current certificate in the Trust Center, you can display it in this fashion:
Remember, the certificate needs to be valid as of the date the add-in file was created, not necessarily as of today. For example, the @RISK 7.6.0 add-in is signed with a certificate good from 2018-01-08 to 2019-03-23. That doesn't mean that the add-in somehow becomes invalid or untrustworthy in mid-March 2019, just that the certificate can't be used after that date to sign new versions of the add-in files.
Isn't there some way to show the certificate without actually running the software?
Yes, you can display the installer's certificate. (For technical reasons of compatibility with different Excel versions, the installer and the add-ins have different certificates.)
Again, the certificate needs to be valid as of the date the installer was created, not necessarily as of today. For example, 7.6.0 installers are signed with a certificate good 2018-01-04 to 2019-03-22. That doesn't mean that the installer somehow becomes invalid or untrustworthy in mid-March 2019, just that the certificate can't be used after that date to sign new installers.
See also: Excel Macro Security Settings
Last edited: 2018-11-06