Back=right
mouse click.
Back=right
mouse click.
HTTP > Applets and ActiveX > Settings | ActiveX Executables
The settings you specify in this screen will affect the action IWSVA takes on all Windows cabinet files and PE COM objects (of which Active controls are a subtype). For example, if you configure IWSVA to check the signing certificate's expiration date, then for all certificates that are expired, IWSVA also takes the action specified for an invalid signature in the ActiveX Security Rules page.
Check the expiration of signing certificate—If the signing certificate is expired the signature is considered invalid. IWSVA takes the action configured for invalid certificates.
Check the expiration of all certificates in the chain—If any certificate in the signing chain (including the root, but not the signing certificate) has expired, then the signature is considered invalid. IWSVA takes the action configured for invalid certificates.
If the signature has a timestamp countersignature—Some files have timestamp "countersignatures.” These are used to extend the validity of a signature beyond the expiration dates on the certificates in its signature chain.
Use timestamp when a certificate is expired—If certificate expiration is being checked and one (or more) are found to be expired, validate the timestamp signature and use it if it turns out to be valid. Note that timestamp signatures are validated in exactly the same way (and under the same IWSVA settings) as the file signatures are.
Timestamp countersignatures do not expire—Do not check the expiration of certificates in the timestamp signature. For timestamp countersignatures this is considered normal (only revocation – and the time of revocation – matters).
Check the revocation status of the certificate—If a certificate has a status of "revoked," IWSVA considers the signature invalid. If IWSVA cannot determine the status, you can have it reset the status to either Valid or Invalid. Note that a revocation source must be designated in a certificate, or in one of the certificates in its signing chain, before a revocation check can be attempted.