Page 1 of 1

The certificate is not within its validity period

Posted: Tue 05 Oct 2021 12:06
by alexbozhko
Some days ago I renewed my Let's Encryption certificate for my web site.
I have the programm code like this

Code: Select all

procedure TForm1.Button1Click(Sender: TObject);
 var ScHttpWebRequest: TScHttpWebRequest:= TScHttpWebRequest.Create(nil);
   ScHttpWebRequest.RequestUri:= 'https://<my_site_url>/getnewstest.php';
   ScHttpWebRequest.Method:= rmPost;
   ScHttpWebRequest.ContentType := 'application/x-www-form-urlencoded';
   var postdata: string := 'UserID=8247cf45495e65fa5d4c2dc587336e6c';
   var Buf: TBytes := TEncoding.UTF8.GetBytes((postdata));

   ScHttpWebRequest.ContentLength := Length(Buf);

   var httpWebResponse: TScHttpWebResponse:= ScHttpWebRequest.GetResponse();
   var Response: string:= httpWebResponse.ReadAsString;

This code works for our clients and checks for program updates
But after update certificate I get exception

Debugger Exception Notification
Project SEB_Test.exe raised exception class EScAlertError with message 'The certificate is not within its validity period'.
Break Continue Help
When I enter this URL (https://<my_site_url>/getnewstest.php) into my browser I have no any warnings or exceptions.
So, I think my certificate is correct.

Thanks for all your help.

Re: The certificate is not within its validity period

Posted: Wed 06 Oct 2021 14:48
by YanishevskiyVI
Hi Alex,

Please be informed, this exception means an expired certificate still persists in certificate chain.
certbot-related resources wrote:Presumably, you did not delete the expired certificate from the server's certificate store before updating the server one, so it is still present in the certificate chain.
by default SecureBridge components will not tolerate to any certificate expiration issue. As an exceptional case, you may:
  • Set TScSSLClientOptions.IgnoreServerCertificateValidity to True, in order for the client to ignore the certificate validity period. It is a simple but not optimal solution, since security will be dramatically decreased;
  • perform your own custom certificate validation (as you have mention, for example) in TScSSLClientOptions.OnServerCertificateValidation event, detect expired certificate and remain it is valid. A bit more complicated, but much more secure way;
both methods are secure violating, transitional solutions!

In case you have ensured in your certificate validity, i.e. bug should be suspected, please leave a bugreport via Devart user's portal.
