I'm sure people notice the "do you trust this certificate" dialog that you see when you install some plug-ins. I'm pretty sure this is because there are many old bundles in Orbit that are signed by a now-expired certificate, and these are in turn still distributed by the release train.
When I checked all the orbit bundles I have installed, all the bundles with invalid certs look the same, for example:
org.w3c.dom.smil_1.0.1.v200903091627 invalid certificate
CN="Eclipse Foundation, Inc.", OU=IT, O="Eclipse Foundation, Inc.", L=Ottawa, ST=Ontario, C=CA
Valid from: Wed Mar 04 00:00:00 GMT 2015
Valid until: Thu Mar 08 12:00:00 GMT 2018
Is there a way we can resign all the bundles that are currently signed with this expired cert?
There must be a way to do so without bumping the qualifier -- in the above example, the qualifier is much older than the start date of the certificate used to sign it, so my guess is this happened once before and we were successful in resigning all bundles without bumping the qualifier.
Any thoughts?
Mat
