What is the URL of a timestamp server for jarsigner?

Discussion in 'Java' started by Mark Riordan, Aug 16, 2005.

  1. Mark Riordan

    Mark Riordan Guest

    In Java 5.0, jarsigner is now able to access a timestamp server
    to put a timestamp in the signature.
    However, I cannot find a timestamp server that is compatible
    with jarsigner.

    For example, when I do:

    jarsigner -tsa http://timestamp.verisign.com/scripts/timstamp.dll -keystore
    my.keystore -storepass mystorepass MyApplet.jar mycert

    I get:

    jarsigner: unable to sign jar: java.io.IOException: MIME Content-Type is not
    application/timestamp-reply

    Extensive Googling has given me all sorts of hints on how to
    timestamp with Microsoft Authenticode, but that does not apply
    to Java.

    Can anyone help?

    Thanks.

    Mark Riordan
     
    Mark Riordan, Aug 16, 2005
    #1
    1. Advertising

  2. Mark Riordan

    Roedy Green Guest

    On Tue, 16 Aug 2005 14:52:24 -0500, "Mark Riordan"
    <> wrote or quoted :

    >jarsigner: unable to sign jar: java.io.IOException: MIME Content-Type is not
    >application/timestamp-reply


    Verisign's service I believe is only available if you bought your code
    signing cert from Verisign.

    see http://mindprod.com/jgloss/timestamp.html
     
    Roedy Green, Aug 17, 2005
    #2
    1. Advertising

  3. Mark Riordan

    Roedy Green Guest

    On Tue, 16 Aug 2005 14:52:24 -0500, "Mark Riordan"
    <> wrote or quoted :

    >jarsigner: unable to sign jar: java.io.IOException: MIME Content-Type is not
    >application/timestamp-reply


    What is supposed to happen, is if the CA does not want to sign your
    request, it is supposed to return the correct mime type with a
    human-readable trailer error message.

    Did you buy your code-signing cert from Verisign? If so, check up on
    their website about timestamping and make sure you are properly
    registered for the service.

    I found a test suite for timestamping, but only 2 actual timestamp
    services that use the Java protocol. The world is suffering from too
    many standards.
     
    Roedy Green, Aug 18, 2005
    #3
  4. In article <>,
    lid says...

    >Did you buy your code-signing cert from Verisign? If so, check up on
    >their website about timestamping and make sure you are properly
    >registered for the service.


    I bought it from Thawte (owned by Verisign).
    Neither Thawte nor Verisign knows anything about Java.

    >I found a test suite for timestamping, but only 2 actual timestamp
    >services that use the Java protocol. The world is suffering from too
    >many standards.


    Can you share the URL for those services?

    Thanks!

    Mark R

    (P. S. I couldn't decode your spamified email address.)
     
    Mark Riordan`, Sep 1, 2005
    #4
  5. Mark Riordan

    Roedy Green Guest

    On Thu, 01 Sep 2005 16:14:19 -0500, Mark Riordan`
    <> wrote or quoted :

    >Can you share the URL for those services?


    see http://mindprod.com/jgloss/timestamp.html

    The protocol 3631 was originally for Microsoft CAB and visual basic
    files. Fortunately, it was designed to be extensible to arbitrary code
    signing, now Java is using it.

    As I say in my essay, even after searching for over an hour, I could
    find only two 3631 timestamping services. There are products to set
    up your own timestamp service though, but you really need an
    arms-length third party since you could easily fudge your own service.

    --
    Canadian Mind Products, Roedy Green.
    http://mindprod.com Again taking new Java programming contracts.
     
    Roedy Green, Sep 2, 2005
    #5
  6. Mark Riordan

    timestamp

    Joined:
    Nov 10, 2011
    Messages:
    1
    Necromancing this old thread to point out that a free TSA timestamp server is available here, using a well known root (Equifax):
    https://timestamp.geotrust.com/tsa

    More details on the VeriSign page:
    https://knowledge.verisign.com/support/code-signing-support/index?page=content&id=AR185

    Don't forget about the proxy params for HTTPS:
    -J-Dhttps.proxyHost=<hostname>
    -J-Dhttps.proxyPort=<portnumber>

    (For a plain HTTP timestamp server, the proxy params are called -J-Dhttp.proxyHost and -J-Dhttp.proxyPort)
     
    timestamp, Nov 10, 2011
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jay Canale

    Jarsigner and Timestamp

    Jay Canale, Mar 2, 2005, in forum: Java
    Replies:
    3
    Views:
    2,585
    Jay Canale
    Mar 4, 2005
  2. ted holden

    jarsigner?

    ted holden, May 14, 2005, in forum: Java
    Replies:
    2
    Views:
    1,027
    Ross Bamford
    May 14, 2005
  3. Rolf Gabler-Mieck

    jarsigner and webstart

    Rolf Gabler-Mieck, Jun 28, 2005, in forum: Java
    Replies:
    8
    Views:
    6,479
    Rolf Gabler-Mieck
    Jun 29, 2005
  4. Ed_Zep

    Jarsigner newbie question

    Ed_Zep, Jan 20, 2007, in forum: Java
    Replies:
    1
    Views:
    412
    Andrew Thompson
    Jan 20, 2007
  5. Satish
    Replies:
    1
    Views:
    612
    Roedy Green
    Oct 11, 2007
Loading...

Share This Page