Description
When validating a signature, the Package Manager checks the validity range of the code-signing certificate used to sign the attestation/package. When the current date is passed the package code signing certificate validity range, the signature validation will fails with the ERR_SIGNED_ATTESTATION_VALIDATION_FAILED status and this reason:
Signed attestation validation failed: Validation of signer's certificate failed: The certificate is either not yet valid or expired
Reproduction steps
- Create a new project in the Hub and open Unity
- Add a package that is not a built-in package in the project (ex.: com.unity.timeline@1.8.10
- Note the version is important because the issue will not show up with recent packages that were signed with a code signing certificate that is currently active and valid.
Expected behaviour
The package signature status is valid
Actual behavior
The package signature status is invalid
Logs and Links