Code signing certificates are valid from 1 to 4 years. When your certificate expires only your ability to create new signatures is affected, past signatures remain valid as long as you used a timestamp when you sign.

Comodo provides a timestamp server free to any certificate holder, the URL is http://timestamp.comodoca.com/authenticode - that URL can be passed to signing utilities like Microsoft's signtool.exe. If you're using K Software's free signing utility, kSign, then you do not need to worry about it because kSign timestamps automatically. You should always use a timestamp!


**PLEASE NOTE: As of May 30th 2020, SHA1 timestamping is effectively deprecated as the SHA1 roots have expired. Use only the SHA256 timestamp server from now on - http://timestamp.comodoca.com/?td=sha256.