We have several InfoPath Browser Enabled Form templates on our SharePoint Server 2010 environment. Users have been using their browser (IE 8) to create and sign several (over 1000) InfoPath forms on SharePoint form libraries.
Everything was working fine until user certificates started expiring. User certificates expire every year and they get automatically renewed. Now, when opening a InfoPath form in the browser, the form displays an ugly red text saying "There is a problem with this signature". When you click on the "Show Details" link, the web dialog shows that the certificate expired. Yes, the certificate expired but at the time the user signed the form, the certificate was valid.
This is causing problems because when comes the time for audits, the forms show this error which is unacceptable by the auditors! It also confuses many of our users...
So my question is: Is it possible to bypass this certificate expiry date check that InfoPath Form Services do when loading the form? Simply check if the form has been signed bypassing that logic would be wonderful!! I hope that there is an option that can be modified somewhere to allow that.
We use SharePoint Server Enterprise 2010 SP1
As for this forms with the expired signatures ,you should resign the form to get rid of the error message .You can create certificates with a longer timer stamp .So that the form will not expire in a short term .
For more information about the long term signature ,please refer to this site:
Digital Signature Support in InfoPath 2010: http://blogs.msdn.com/b/infopath/archive/2010/02/18/digital-signature-support-in-infopath-2010.aspx
TechNet Community Support
Thanks for the reply, but the approach of resigning the forms is not acceptable. I simply need to remove that extra timestamp verification that InfoPath Form Service does when opening the form in the browser.
Or, if possible, simply hide that ugly red text saying that there is a problem with the signature.
Any other suggestions?
Gabriel Lead SharePoint Developer
I'll be curious to hear what you are able to accomplish.
My understanding is that the group policy approach will work if you are using InfoPath filler as this would support timestamping, but that Web Forms do not support timestamping.
There is a conspicuous absense of information about long term Signatures in Infopath Web Forms. The usefullness of this feature is really starting to look like the Emperor's new clothes.
I submitted a comment to this blog: http://blogs.msdn.com/b/infopath/archive/2010/02/18/digital-signature-support-in-infopath-2010.aspx and reasked a question that you submitted: re disabling expiration check. Again, the lack of an answer to your question is somewhat conspicious.
To be honst, I'm quite surprised that there aren't numerous people encountering this same issue. I wonder how many installations are vulverable and just have not realized it yet, and won't until they have 100s or 1000s of signed forms that now show as invalid.