Issue with ISV license after X509 certificate expires

In Microsoft Dynamics AX 2012, ISV licensing feature was added to enable IP protection for ISV. Developers could create new model, add a license key and associate an X509 certificate with the model. This meant when customers imported the model in AX, they would require a license file signed by same X509 certificate to be able to unlock the feature. AX would verify validity of the certificate, check associated model and unlock feature as designed. However, when the X509 certificate expired the license immediately becomes invalid, thus requiring ISV to issue new license with valid certificate. This meant both new licenses being signed by expired certificate and license previously generated using currently expired certificate would not work with that particular model.

This was identified as a bug and has been fixed in AX 2012 R2. Now each license signed by X509 certificate is generated with a timestamp. When customers import ISV license signed by certificate, we check validity to make sure certificate was valid during the time of creation only, rather than time of usage. This ensures license to be valid beyond time of certificate expiration. This code base was fixed in R2 only, for this to work both AXutil.exe and AOS service must be R2.

Comments (4)
  1. Alex says:

    Sweeeet….fixed bug which wasn't a bug. Why x509 certificate has expiration date anyway?

    Expiration date in license is there for reason.

    With expiration date you can control your customers licenses.

    You can give 'trial' license to customer let's say for evaluation purposes.

    You can provide you solution on subscription basis.

    Lets say those who don't have valid subscription can't use your solution.

    BTW ISV can set expiration date as year 2100 if they want.

  2. Bigyanr says:

    Alex, this is related to certificate expiration and not license expiration that ISV set. Every time certificate expired license would become invalid, causing issues at customer site. Practically, certificates used for code signing must be valid to generate the license. Once it is generated and ISVs are verified, it is no longer required to verify certificate against expiry.

    The case for setting license expiration date for scenarios like limited trial is still valid.

  3. Bart Verstegen says:


    could you tell me in what R2 CU this is fixed?


  4. BigyanR says:

    Bart, This was fixed in AX 2012 R2 release.

Comments are closed.

Skip to main content