Issue with ISV license after X509 certificate expires
In Microsoft Dynamics AX 2012, ISV licensing feature was added to enable IP protection for ISV. Developers could create new model, add a license key and associate an X509 certificate with the model. This meant when customers imported the model in AX, they would require a license file signed by same X509 certificate to be able to unlock the feature. AX would verify validity of the certificate, check associated model and unlock feature as designed. However, when the X509 certificate expired the license immediately becomes invalid, thus requiring ISV to issue new license with valid certificate. This meant both new licenses being signed by expired certificate and license previously generated using currently expired certificate would not work with that particular model.
This was identified as a bug and has been fixed in AX 2012 R2. Now each license signed by X509 certificate is generated with a timestamp. When customers import ISV license signed by certificate, we check validity to make sure certificate was valid during the time of creation only, rather than time of usage. This ensures license to be valid beyond time of certificate expiration. This code base was fixed in R2 only, for this to work both AXutil.exe and AOS service must be R2.
Comments
Anonymous
October 31, 2013
Sweeeet....fixed bug which wasn't a bug. Why x509 certificate has expiration date anyway? Expiration date in license is there for reason. With expiration date you can control your customers licenses. You can give 'trial' license to customer let's say for evaluation purposes. You can provide you solution on subscription basis. Lets say those who don't have valid subscription can't use your solution. BTW ISV can set expiration date as year 2100 if they want.Anonymous
November 01, 2013
The comment has been removedAnonymous
November 20, 2013
Hi, could you tell me in what R2 CU this is fixed? thanks!Anonymous
December 05, 2013
Bart, This was fixed in AX 2012 R2 release.