Last update:
Last verified version: AMC 3.2.1
Overview
Our ASGARD Agent Binary is CA signed. If you check the certificate you will discover, that the CA has expired.
In this article, we explain how you can ensure that our install binary is still classified as secure.
As the signature was executed with a valid certificate and a timestamp was available at the time of signing, the following applies:
The digital signature remains valid even after the certificate expires because it proves that the file was signed with a valid certificate at the time of signing.
The signature is still valid because:
-
The signature was made on 13.04.2023.
-
The certificate was valid until 04.09.2023.
-
The signature was timestamped.
-
The digital signature is displayed as “OK”.
Prerequisites
-
Installed ASGARD Agent
-
Administration rights to install SignTool.exe
Expected result
The integrity of the agent binary is guaranteed.
Steps to reproduce
Step 1: Install Signtool.exe
Download the Microsoft Windows SDK installer for your Windows OS and run it. As feature to install select “Windows SDK Signing Tools for Desktop Apps”.
Step 2: Check your Agent Binary with the SignTool:
c:\Program Files (x86)\Windows Kits\10\bin\x64>signtool.exe verify /pa /v c:\Windows\System32\asgard2-agent\asgard2-agent-service.exe
The result will look like this:
Verifying: c:\Windows\System32\asgard2-agent\asgard2-agent-service.exe
Signature Index: 0 (Primary Signature)
Hash of file (sha1): 66581DC5FC1A194C71224BC50DAFFC310A519DED
Signing Certificate Chain:
Issued to: AAA Certificate Services
Issued by: AAA Certificate Services
Expires: Mon Jan 01 01:59:59 2029
SHA1 hash: D1EB23A46D17D68FD92564C2F1F1601764D8E349
Issued to: USERTrust RSA Certification Authority
Issued by: AAA Certificate Services
Expires: Mon Jan 01 01:59:59 2029
SHA1 hash: D89E3BD43D5D909B47A18977AA9D5CE36CEE184C
Issued to: Sectigo RSA Code Signing CA
Issued by: USERTrust RSA Certification Authority
Expires: Wed Jan 01 01:59:59 2031
SHA1 hash: 94C95DA1E850BD85209A4A2AF3E1FB1604F9BB66
Issued to: Nextron Systems GmbH
Issued by: Sectigo RSA Code Signing CA
Expires: Mon Sep 04 01:59:59 2023
SHA1 hash: 287555E6294964FFF2BEC4AAC3EF53D74F3C9DDA
The signature is timestamped: Thu Apr 13 10:07:45 2023
Timestamp Verified by:
Issued to: DigiCert Assured ID Root CA
Issued by: DigiCert Assured ID Root CA
Expires: Mon Nov 10 02:00:00 2031
SHA1 hash: 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Issued to: DigiCert Trusted Root G4
Issued by: DigiCert Assured ID Root CA
Expires: Mon Nov 10 01:59:59 2031
SHA1 hash: A99D5B79E9F1CDA59CDAB6373169D5353F5874C6
Issued to: DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA
Issued by: DigiCert Trusted Root G4
Expires: Mon Mar 23 01:59:59 2037
SHA1 hash: B6C8AF834D4E53B673C76872AA8C950C7C54DF5F
Issued to: DigiCert Timestamp 2022 - 2
Issued by: DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA
Expires: Tue Nov 22 01:59:59 2033
SHA1 hash: F387224D8633829235A994BCBD8F96E9FE1C7C73
Successfully verified: c:\Windows\System32\asgard2-agent\asgard2-agent-service.exe
Number of files successfully Verified: 1
Number of warnings: 0
Number of errors: 0