I have a digital key which is valid until 2019. However the certifing key and the root certificate have been valid until March 2017 only. Hence my key is not valid anymore under the shell modell (where the outer keys must be valid at least as long the inner one is valid). Microsoft Windows does not except my key as valid anymore although the key itself is valid:
Moreover I am unable to use it with signtool to sign an executable:
Before March 2017 I was able to use the key for code signing.
Is there a way to use the key with signtool even if the root certificate is not valid anymore? Is there any other tool with which I can sign Microsoft Windows executables? Does osslsigncode allow for such certificates?