diff --git a/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/profile/VerifyHelper.java b/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/profile/VerifyHelper.java
index 54944b4b9be7440aa554fc7545dabdc3c94c2305..843a0522bf890bd1e1729afba6ee37d660064fca 100644
--- a/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/profile/VerifyHelper.java
+++ b/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/profile/VerifyHelper.java
@@ -26,6 +26,10 @@ import com.ohos.hapsigntool.utils.FileUtils;
 import com.ohos.hapsigntool.utils.ValidateUtils;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1Set;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.x509.Time;
 import org.bouncycastle.cert.X509CertificateHolder;
 import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
 import org.bouncycastle.cms.CMSException;
@@ -44,10 +48,13 @@ import java.security.Signature;
 import java.security.SignatureException;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
+import java.time.LocalDateTime;
+import java.time.ZoneId;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Iterator;
 import java.util.List;
+import java.util.Date;
 
 /**
  * Signed provision profile verifier.
@@ -134,11 +141,21 @@ public class VerifyHelper implements IProvisionVerifier {
 SignerInformationStore signerInfos = cmsSignedData.getSignerInfos();
 Collection signers = signerInfos.getSigners();
 
+ Date signTime = Date.from(LocalDateTime.now().atZone(ZoneId.systemDefault()).toInstant());
+
 for (SignerInformation signer : signers) {
 SignerId sid = signer.getSID();
+ ASN1Set attrValues = signer.getSignedAttributes().get(PKCSObjectIdentifiers.pkcs_9_at_signingTime)
+ .getAttrValues();
+
+ if (attrValues.size() > 0) {
+ ASN1Encodable objectAt = attrValues.getObjectAt(0);
+ signTime = Time.getInstance(objectAt).getDate();
+ }
+
 X500Principal principal = new X500Principal(sid.getIssuer().getEncoded());
 CertChainUtils.verifyCertChain(certificates, principal, sid.getSerialNumber(),
- certificates.get(certificates.size() - 1));
+ certificates.get(certificates.size() - 1), signTime);
 }
 
 result.setContent(FileUtils.GSON.fromJson(new String((byte[]) (cmsSignedData
diff --git a/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/utils/CertChainUtils.java b/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/utils/CertChainUtils.java
index 8ef733caf18275e297744f54647ff5e4e697efb7..7bfb0653e6d85a25216da3caba0a6488d218100d 100644
--- a/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/utils/CertChainUtils.java
+++ b/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/utils/CertChainUtils.java
@@ -59,7 +59,7 @@ public class CertChainUtils {
 }
 
 private static CertPath getCertPath(List certificates, KeyStore trustStore, X500Principal issuer,
- BigInteger serial) throws KeyStoreException, InvalidAlgorithmParameterException,
+ BigInteger serial, Date signTime) throws KeyStoreException, InvalidAlgorithmParameterException,
 NoSuchAlgorithmException, CertPathBuilderException, CertificateException {
 if (certificates.size() != 1 && (issuer != null || serial != null)) {
 X509CertSelector targetCertSelector = new X509CertSelector();
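Review bot: The new lookup `signer.getSignedAttributes().get(PKCSObjectIdentifiers.pkcs_9_at_signingTime).getAttrValues()` throws NullPointerException for any signer that carries no signed attributes or no signingTime attribute, because both `getSignedAttributes()` and `AttributeTable.get(...)` return null in that case, so the `Date signTime = now` initialisation above the loop, which reads as the intended fallback, is unreachable. Because `signTime` is also declared outside the loop, a later signer without the attribute would inherit the previous signer's time, so it should be reset per iteration. Separately, signingTime is asserted by the signer rather than by a trusted timestamp, and revocation checking is disabled in verifyCertChain, so anyone holding a now-expired signing key can back-date signingTime to make an expired chain validate; at minimum a value later than the current time should fail verification (CMSException is already imported here; use whatever failure type the surrounding try reports if that is not it), and the rewrite below does both. `AttributeTable` and `Attribute` live in org.bouncycastle.asn1.cms and need importing. The enclosing method begins and ends outside the hunk.
```java
        Date now = Date.from(LocalDateTime.now().atZone(ZoneId.systemDefault()).toInstant());

        for (SignerInformation signer : signers) {
            SignerId sid = signer.getSID();
            // Validate the chain at the signer-asserted signingTime when present, else at the
            // current time. The attribute is covered by the signature but is not a TSA timestamp.
            Date signTime = now;
            AttributeTable signedAttrs = signer.getSignedAttributes();
            Attribute signingTimeAttr = signedAttrs == null
                    ? null : signedAttrs.get(PKCSObjectIdentifiers.pkcs_9_at_signingTime);
            if (signingTimeAttr != null && signingTimeAttr.getAttrValues().size() > 0) {
                Date asserted = Time.getInstance(signingTimeAttr.getAttrValues().getObjectAt(0)).getDate();
                if (asserted.after(now)) {
                    throw new CMSException("signingTime attribute is in the future");
                }
                signTime = asserted;
            }
            // … unchanged: X500Principal construction and CertChainUtils.verifyCertChain call …
```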
@@ -69,7 +69,7 @@ public class CertChainUtils {
 CertStore certStore = CertStore.getInstance("Collection",
 new CollectionCertStoreParameters(certificates));
 params.addCertStore(certStore);
- params.setDate(Date.from(LocalDateTime.now().atZone(ZoneId.systemDefault()).toInstant()));
+ params.setDate(signTime);
 params.setRevocationEnabled(false);
 CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX");
 PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult) certPathBuilder.build(params);
@@ -90,15 +90,15 @@ public class CertChainUtils {
 * @param root root cert
 */
 public static void verifyCertChain(List certificates, X500Principal issuer, BigInteger serial,
- X509Certificate root) {
+ X509Certificate root, Date signTime) {
 try {
 KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
 trustStore.load(null, null);
 trustStore.setCertificateEntry("root", root);
- CertPath certPath = getCertPath(certificates, trustStore, issuer, serial);
+ CertPath certPath = getCertPath(certificates, trustStore, issuer, serial, signTime);
 PKIXParameters params = new PKIXParameters(trustStore);
 params.setRevocationEnabled(false);
- params.setDate(Date.from(LocalDateTime.now().atZone(ZoneId.systemDefault()).toInstant()));
+ params.setDate(signTime);
 CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters());
 params.addCertStore(certStore);
 CertPathValidator validator = CertPathValidator.getInstance("PKIX");
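Review bot: The Javadoc of verifyCertChain, whose tail is visible at the top of the second hunk (` * @param root root cert`), was not updated for the new parameter; add ` * @param signTime time at which the chain must be valid; certificate validity is checked against it instead of the current time`. Note also that `PKIXParameters.setDate(null)` and `PKIXBuilderParameters.setDate(null)` mean "use the current time", so a null `signTime` silently reverts to the pre-patch behaviour at both `params.setDate(signTime)` sites; if that fallback is not intended, guard the public entry point with `Objects.requireNonNull(signTime, "signTime");` before `try {` (java.util.Objects would need importing). The bodies of both getCertPath and verifyCertChain continue past their hunks.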