When the following URL is not available, what other timestamp URL can I use in my setup authoring tool? The specific error I get is: SignTool Error: The specified timestamp server either could not be reached or returned an invalid response.
Asked
Active
Viewed 6.1k times
54
-
2One note though. If you get 404 doing a GET request (i.e. fetching that page using a browser), that doesn't mean that the service is unavailable. The TSP (time-stamp protocol) over HTTP is usually handled using a POST request, with a specific Content-Type HTTP header (application/timestamp-query). More info on these 2 links: https://www.ietf.org/rfc/rfc3161.txt and https://stackoverflow.com/questions/28085619/timestamping-using-tsa-url-and-java-apis – Mladen B. Jan 17 '19 at 14:20
7 Answers
67
Honestly, I would just try again. But you can use any of the following:
http://timestamp.globalsign.com/scripts/timstamp.dll,http://timestamp.comodoca.com/authenticode, orhttp://www.startssl.com/timestamp.http://timestamp.sectigo.com
Mitch Wheat
- 295,962
- 43
- 465
- 541
David Schwartz
- 179,497
- 17
- 214
- 278
-
2
-
1@Alain Endpoint http://timestamp.globalsign.com/scripts/timstamp.dll worked for me. The Verisign wasn't available yesterday :-( – Ramon de Klein Jul 12 '19 at 06:25
24
Try these servers
http://tsa.starfieldtech.com
http://timestamp.globalsign.com/scripts/timstamp.dll
http://timestamp.comodoca.com/authenticode
http://www.startssl.com/timestamp
http://timestamp.verisign.com/scripts/timstamp.dll
http://timestamp.sectigo.com
With a retry script such as the one included here: Alternative timestamping services for Authenticode
Mitch Wheat
- 295,962
- 43
- 465
- 541
Zymotik
- 6,412
- 3
- 39
- 48
-
2Today it looks like timestamp.verisign.com is gone. My DNS providers cannot resolve it. Thanks for these alternatives! – BillVo Jul 11 '19 at 15:27
-
If someone uses the FinalBuilder tool, this is a good article explaining how to try different servers: https://www.finalbuilder.com/resources/blogs/code-signing-changes-for-2016 with a great sample code ready-to-use: https://github.com/VSoftTechnologies/FinalBuilder.Examples/blob/master/FB8/CodeSigning/CodeSigningExample.fbp8 – ilCosmico Apr 05 '22 at 10:49
19
http://timestamp.verisign.com/scripts/timstamp.dll has limped along for the last few years and had been working in a sort of depreciated state, but the new owners of the certificate issuing business, DigiCert, have issued a migration alert.
They have officially put the old services to EOL as of the back end of 2019.
(article no no longer exists 18/11/2020) https://knowledge.digicert.com/alerts/migration-of-legacy-verisign-and-symantec-time-stamping-services.html
New services can be found at
RickWeb
- 1,765
- 2
- 25
- 40
-
I am getting the same, not sure what is going raised a ticket with them, latest guidence shows the url is correct. https://knowledge.digicert.com/solution/SO912.html – RickWeb Nov 16 '20 at 12:01
-
suddenly this works: http://timestamp.globalsign.com/scripts/timstamp.dll – Emrah Mehmedov Nov 16 '20 at 12:07
3
For jarsigner users:
As of 4/24/2017, Verisign knowledge base article AR185 recommends the jarsigner arguments "-tsa http://sha256timestamp.ws.symantec.com/sha256/timestamp". This works for certificates issued by Symantec, and presumably all of Symantec's subsidiaries, at least. http://timestamp.verisign.com/scripts/timstamp.dll does not work.
Eric Boesch
- 101
- 1
- 5
2
This list of time servers seems to be getting regular updates: https://gist.github.com/Manouchehri/fd754e402d98430243455713efada710
codesniffer
- 1,033
- 9
- 22
1
You can use "http://timestamp.digicert.com" without quotes. for more info: https://knowledge.digicert.com/solution/SO912.html
Vijesh V.Nair
- 157
- 1
- 18
0
Try these servers
http://timestamp.digicert.com
http://timestamp.comodoca.com/authenticode
other links is dead
SignTool Error: The specified timestamp server either could not be reached or returned an invalid response.
arutar
- 1,015
- 3
- 9