The certificate is not within its validity period

Discussion of open issues, suggestions and bugs regarding network security and data protection solution - SecureBridge
alexbozhko
Posts: 3
Joined: Wed 20 Jan 2016 15:43

Post by alexbozhko » Tue 05 Oct 2021 12:06

Some days ago I renewed the Let's Encrypt certificate for my web site.
I have program code like this:

procedure TForm1.Button1Click(Sender: TObject);
begin
 //
 var ScHttpWebRequest: TScHttpWebRequest:= TScHttpWebRequest.Create(nil);
 try
   ScHttpWebRequest.RequestUri:= 'https://<my_site_url>/getnewstest.php';
   ScHttpWebRequest.Method:= rmPost;
   ScHttpWebRequest.ContentType := 'application/x-www-form-urlencoded';
   var postdata: string := 'UserID=8247cf45495e65fa5d4c2dc587336e6c';
   var Buf: TBytes := TEncoding.UTF8.GetBytes((postdata));

   ScHttpWebRequest.ContentLength := Length(Buf);
   ScHttpWebRequest.WriteBuffer(Buf);

   var httpWebResponse: TScHttpWebResponse:= ScHttpWebRequest.GetResponse();
   var Response: string:= httpWebResponse.ReadAsString;
 finally
   ScHttpWebRequest.Free;
 end;

end;
This code works for our clients and checks for program updates.
But after updating the certificate I get an exception:

---------------------------
Debugger Exception Notification
---------------------------
Project SEB_Test.exe raised exception class EScAlertError with message 'The certificate is not within its validity period'.
---------------------------
Break Continue Help
---------------------------
When I enter this URL (https://<my_site_url>/getnewstest.php) into my browser I get no warnings or exceptions.
So, I think my certificate is correct.

Thanks for all your help.

YanishevskiyVI
Devart Team
Posts: 70
Joined: Wed 02 Jun 2021 09:30

Re: The certificate is not within its validity period

Post by YanishevskiyVI » Wed 06 Oct 2021 14:48

Hi Alex,

Please be informed that this exception means an expired certificate still persists in the certificate chain.
certbot-related resources wrote: Presumably, you did not delete the expired certificate from the server's certificate store before updating the server one, so it is still present in the certificate chain.
Note:
By default, SecureBridge components will not tolerate any certificate expiration issue. As an exceptional case, you may:
  • Set TScSSLClientOptions.IgnoreServerCertificateValidity to True, in order for the client to ignore the certificate validity period. It is a simple but not optimal solution, since security will be dramatically decreased;
  • Perform your own custom certificate validation (as you have mentioned, for example) in the TScSSLClientOptions.OnServerCertificateValidation event, detect the expired certificate and treat it as valid. A bit more complicated, but a much more secure way.
Note:
Both methods violate security and are transitional solutions!

In case you have verified your certificate's validity, i.e. a bug should be suspected, please leave a bug report via the Devart user's portal.

Regards,
Vitaliy
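
One way to find which certificate in the served chain fails a strict validity check, as an added example that is not part of the thread or of SecureBridge: it parses the `subject`/`notBefore`/`notAfter` lines that `openssl x509 -noout -subject -dates` prints for each certificate extracted from `openssl s_client -showcerts`. The sample output, subjects and dates are constructed.

```python
from datetime import datetime, timezone

# Constructed sample: per-certificate output of
# `openssl x509 -noout -subject -dates`, in the order the server sent them.
# Subjects and dates are made up for illustration.
SAMPLE = """\
subject=CN = www.example.test
notBefore=Oct  1 08:00:00 2021 GMT
notAfter=Dec 30 08:00:00 2021 GMT
subject=CN = Constructed Intermediate CA
notBefore=Sep  4 00:00:00 2020 GMT
notAfter=Sep 15 16:00:00 2025 GMT
subject=CN = Constructed Old Cross-Signed CA
notBefore=Jan 20 19:14:03 2016 GMT
notAfter=Sep 30 18:14:03 2021 GMT
"""

FMT = "%b %d %H:%M:%S %Y GMT"

def parse_chain(text):
    """Return [{'subject', 'notBefore', 'notAfter'}, ...] in server order."""
    chain = []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue
        key = key.strip()
        if key == "subject":
            chain.append({"subject": value.strip()})
        elif key in ("notBefore", "notAfter") and chain:
            # Collapse the double space openssl uses for single-digit days.
            ts = datetime.strptime(" ".join(value.split()), FMT)
            chain[-1][key] = ts.replace(tzinfo=timezone.utc)
    return chain

def outside_validity(chain, now):
    """Return (index, subject, reason) for every certificate not valid at `now`."""
    bad = []
    for i, cert in enumerate(chain):
        if now < cert["notBefore"]:
            bad.append((i, cert["subject"], "not yet valid"))
        elif now > cert["notAfter"]:
            bad.append((i, cert["subject"], "expired"))
    return bad

if __name__ == "__main__":
    when = datetime(2021, 10, 5, 12, 6, tzinfo=timezone.utc)  # constructed check time
    for idx, subject, reason in outside_validity(parse_chain(SAMPLE), when):
        print(f"chain[{idx}] {subject}: {reason}")
```

A leaf that is valid while a later chain entry is expired matches the situation in the reply above: the fix belongs on the server, by removing the stale certificate from the chain it serves.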
