Issue with ISV license after X509 certificate expires

In Microsoft Dynamics AX 2012, ISV licensing feature was added to enable IP protection for ISV. Developers could create new model, add a license key and associate an X509 certificate with the model. This meant when customers imported the model in AX, they would require a license file signed by same X509 certificate to be able to unlock the feature. AX would verify validity of the certificate, check associated model and unlock feature as designed. However, when the X509 certificate expired the license immediately becomes invalid, thus requiring ISV to issue new license with valid certificate. This meant both new licenses being signed by expired certificate and license previously generated using currently expired certificate would not work with that particular model.

This was identified as a bug and has been fixed in AX 2012 R2. Now each license signed by X509 certificate is generated with a timestamp. When customers import ISV license signed by certificate, we check validity to make sure certificate was valid during the time of creation only, rather than time of usage. This ensures license to be valid beyond time of certificate expiration. This code base was fixed in R2 only, for this to work both AXutil.exe and AOS service must be R2.