If you sign an installer, executable file, or other code with an expired code signing certificate, it will not be trusted by users’ operating systems. You should renew your code signing certificate with your certificate authority (CA) before it expires.
If you timestamp your code when you sign it, the code will be trusted after the certificate expires. If you do not timestamp your code, the digital signature will expire along with the certificate, and your code will no longer be trusted. Therefore, it’s a good idea to timestamp your code when you sign it. Please read Using Your Code Signing Certificate for information on how to timestamp your code when signing.
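The following PowerShell audit is an added example, not part of the original page or any CA's tooling: it lists signed files whose signature carries no timestamp and will therefore stop being trusted when the signing certificate expires. The folder `.\dist`, the 90-day warning window, and the file extensions are assumptions to adjust for your own release artifacts.

```powershell
# Added example: find Authenticode signatures that lack a timestamp.
# Assumptions: $Path points at your signed build output; $WarnDays is the
# renewal warning window you want. Neither value comes from the original page.
param(
    [string]$Path = '.\dist',
    [int]$WarnDays = 90
)

$now = Get-Date

Get-ChildItem -Path $Path -Recurse -File -Include *.exe, *.dll, *.msi, *.ps1 |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName

        # Skip files that carry no signature at all.
        if (-not $sig.SignerCertificate) { return }

        $cert        = $sig.SignerCertificate
        # TimeStamperCertificate is $null when the signature was not timestamped.
        $timestamped = $null -ne $sig.TimeStamperCertificate
        $daysLeft    = [math]::Floor(($cert.NotAfter - $now).TotalDays)

        # A timestamped signature outlives the certificate; an untimestamped
        # one expires together with it.
        $risk = if ($timestamped) {
            'OK: timestamped'
        } elseif ($daysLeft -lt 0) {
            'EXPIRED: no timestamp, certificate already expired'
        } elseif ($daysLeft -le $WarnDays) {
            'WARN: no timestamp, certificate expires soon'
        } else {
            'RE-SIGN: no timestamp'
        }

        [pscustomobject]@{
            File        = $_.Name
            Status      = $sig.Status
            Timestamped = $timestamped
            CertExpires = $cert.NotAfter.ToString('yyyy-MM-dd')
            DaysLeft    = $daysLeft
            Risk        = $risk
        }
    } |
    Sort-Object Timestamped, DaysLeft |
    Format-Table -AutoSize
```

Any row that is not marked `OK: timestamped` should be re-signed with a timestamp while the certificate is still valid.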
The answer depends on the type of code signing certificate you have:
• Extended Validation (EV) code signing certificates get an automatic SmartScreen reputation boost from Windows, so you should not get SmartScreen warnings after renewing an EV code signing certificate.
• If you have a standard Organization Validation (OV) or Individual Validation (IV) code signing certificate, you will likely need to go through a period of rebuilding the renewed certificate’s SmartScreen reputation before your code is widely trusted on Windows systems.