Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
List of free rfc3161 servers.
http://timestamp.digicert.com
http://timestamp.globalsign.com/tsa/r6advanced1
http://rfc3161timestamp.globalsign.com/advanced
http://timestamp.sectigo.com
http://timestamp.apple.com/ts01
http://tsa.mesign.com
http://time.certum.pl
https://freetsa.org
http://timestamp.globalsign.com/scripts/timstamp.dll
http://timestamp.globalsign.com/?signature=sha2
http://timestamp.wosign.com
http://tsa.startssl.com/rfc3161
http://dse200.ncipher.com/TSS/HttpTspServer
http://zeitstempel.dfn.de
https://ca.signfiles.com/tsa/get.aspx
http://services.globaltrustfinder.com/adss/tsa
https://tsp.iaik.tugraz.at/tsp/TspRequest
http://timestamp.entrust.net/TSS/RFC3161sha2TS
http://tsa.starfieldtech.com/
@trinhpham

This comment has been minimized.

Copy link

@trinhpham trinhpham commented Jul 13, 2018

I'm finding a free TSA that optimized for Asia users.
Do you know any?

(All above servers take at least 200ms for a ping response)

PS: The first server I've found is: http://tsa.wotrus.com (~75ms)

@seagate00

This comment has been minimized.

Copy link

@seagate00 seagate00 commented Nov 25, 2018

I finded new TSA server. You can use

http://oscp.cocbuilder.su/tsa.php

@haleba-hotmail

This comment has been minimized.

Copy link

@haleba-hotmail haleba-hotmail commented Jan 13, 2019

@Manouchehri ,,

Thanks for compiling this list.

My interest is in free general-purpose timestamping service (e.g. stamping pdf, zip files) and this page was near the top of Google's search results, so a good starting point for a comprehensive list of freeTSA servers, but some of the links appear to be dead

dse200.ncipher.com/TSS/HttpTspServer : address could not be found for either the full URL or the base address dse200.ncipher.com.

timestamp.geotrust.com/tsa : has been retired by Symantec and replaced with sha256timestamp.ws.symantec.com/sha256/timestamp (see INFORMATIONAL | Discontinued Use of (Legacy) SHA1 RFC 3161 timestamp service - DigiCert) and appears to be a direct link to their RFC3161 timestamper and not a "landing" page.

Not 100% certain but it looks like the "timestamp.dll" links are direct RFC3161 timestamp server links designed to be used for code-signing only (possibly by Microsoft's SignTool).

For what I came to this page for the best current (1/19/2019) link for genuinely free general-purpose timestamping is freetsa.org. No time to go through all the links, but this of interest so I will update this comment as time allows.

Thanks again for the scholarship compiling this resource.

@mcarpenterjr

This comment has been minimized.

Copy link

@mcarpenterjr mcarpenterjr commented Jan 25, 2019

Excellent resource! Is anyone generating, signing and timestamping PDFs on the fly? Currently working with TCPDF which signs ok but does not have time stamping implemented.

@jonybuzz

This comment has been minimized.

@Manouchehri

This comment has been minimized.

Copy link
Owner Author

@Manouchehri Manouchehri commented Jun 6, 2019

@jonybuzz Thanks, added.

@haleba-hotmail dse200.ncipher.com still resolves fine here. Could you try again?

@Manouchehri

This comment has been minimized.

Copy link
Owner Author

@Manouchehri Manouchehri commented Jun 6, 2019

@seagate00 Getting a connection refused for http://oscp.cocbuilder.su/tsa.php.

@haleba-hotmail

This comment has been minimized.

Copy link

@haleba-hotmail haleba-hotmail commented Jun 7, 2019

@Manouchehri

Double checked and it looks like the ncipher link is purely a timestamping server to be accessed via software like openssl and not a web site based service like freetsa, so simply putting the base address in a browser yields a "no page found" error, but it resolves fine in tracert.

@Silvenga

This comment has been minimized.

Copy link

@Silvenga Silvenga commented Jun 13, 2019

Looks like http://timestamp.globalsign.com/scripts/timstamp.dll is now paid product.

GlobalSign's trusted timestamping Software as a Service (SaaS) provides a low cost and easy method

@DarkIrata

This comment has been minimized.

Copy link

@DarkIrata DarkIrata commented Jul 11, 2019

http://tsa.startssl.com/rfc3161
http://tsp.iaik.tugraz.at/tsp/TspRequest
Can be removed from the list. While they get sign successfully, they aren't trusted by windows.

@who

This comment has been minimized.

Copy link

@who who commented Jul 11, 2019

It appears that http://timestamp.verisign.com/scripts/timstamp.dll no longer functions.

Edit: The downtime of the verisign service was temporary, and it came back online a few hours after going down.

@AbhiVaze2695

This comment has been minimized.

Copy link

@AbhiVaze2695 AbhiVaze2695 commented Oct 16, 2019

I tried using 1st URL (symantec) but it did not work.
I want to sign the exe file using SHA256. And I'm using C# language.
Is there any other URL which can be used for SHA256?
Please help.. Its urgent.
Thanks in advance!!!

@RPaulProxy

This comment has been minimized.

Copy link

@RPaulProxy RPaulProxy commented Oct 17, 2019

Digicert has announced that the former Verisign and Symantec time stamping services are deprecated; see [https://knowledge.digicert.com/alerts/migration-of-legacy-verisign-and-symantec-time-stamping-services.html] for their announcement. The three services timestamp.verisign.com/scripts/timstamp.dll, sha1timestamp.ws.symantec.com/sha1/timestamp, and sha256timestamp.ws.symantec.com/sha256/timestamp will go offline on or about Oct 31, 2019. They provide timestamp.digicert.com as the recommended replacement.

@Manouchehri

This comment has been minimized.

Copy link
Owner Author

@Manouchehri Manouchehri commented Oct 20, 2019

@RPaulProxy Thanks for the heads up, I've removed those two from my list.

I think long term it'd be a good idea to put this list into a library like https://github.com/trbs/rfc3161ng where URLs could be tested automatically.

@jeraldfdo

This comment has been minimized.

Copy link

@jeraldfdo jeraldfdo commented Dec 4, 2019

I'm finding a free TSA that optimized for Asia users.
Do you know any?

(All above servers take at least 200ms for a ping response)

PS: The first server I've found is: http://tsa.wotrus.com (~75ms)

This works fine Thanks mate

@n1tr0narc

This comment has been minimized.

Copy link

@n1tr0narc n1tr0narc commented May 16, 2020

Anyone here has any experience with a Philippine-based TSA?

@JohanVeBe

This comment has been minimized.

Copy link

@JohanVeBe JohanVeBe commented May 19, 2020

FreeTSA does not work in Adobe Acroboat. FreeTSA just gives an error message, then Adobe grabs time from the own computer.

For many of the above TSAI get I validation error (in Adobe Acrobat PRO) that
"The signature includes an embedded timestamp but it could not be verified".
I get this validation error for:
http://zeitstempel.dfn.de
https://tsp.iaik.tugraz.at/tsp/TspRequest
http://time.certum.pl
http://dss.nowina.lu/pki-factory/tsa/good-tsa
http://time.certum.pl
http://timestamp.digicert.com

Are there any free/open TSAs that yield verifiable timestamps?

@Manouchehri

This comment has been minimized.

Copy link
Owner Author

@Manouchehri Manouchehri commented May 19, 2020

@JohanVeBe Try http://timestamp.digicert.com. That's likely a CA you already have whitelisted.

@JohanVeBe

This comment has been minimized.

Copy link

@JohanVeBe JohanVeBe commented May 19, 2020

@JohanVeBe Try http://timestamp.digicert.com. That's likely a CA you already have whitelisted.

Thanks!
Yes, that one works!

@n1tr0narc

This comment has been minimized.

@sln162

This comment has been minimized.

Copy link

@sln162 sln162 commented May 31, 2020

@Manouchehri
http://rfc3161timestamp.globalsign.com/advanced
Globalsign also has a new URL

@Manouchehri

This comment has been minimized.

Copy link
Owner Author

@Manouchehri Manouchehri commented May 31, 2020

@JMK92: Thanks! Before I add it to the list, what's the difference between http://rfc3161timestamp.globalsign.com/advanced and http://timestamp.globalsign.com/scripts/timstamp.dll?

@sln162

This comment has been minimized.

Copy link

@sln162 sln162 commented Jun 1, 2020

@Manouchehri
There's actually another one http://timestamp.globalsign.com/?signature=sha2

  1. http://timestamp.globalsign.com/scripts/timstamp.dll
  2. http://timestamp.globalsign.com/?signature=sha2
  3. http://rfc3161timestamp.globalsign.com/advanced
    They use different signature algorithms, 1 for SHA1, 2 and 3 for sha256, which are also different certificate chains.

1)GlobalSign Root CA ----GlobalSign Timestamping CA - G2----GlobalSign TSA for Standard - G2
2)GlobalSign----GlobalSign Timestamping CA - SHA256 - G2----GlobalSian TSA for Advanced - G2
3)GlobalSign----GlobalSign Timestamping CA - SHA256 - G2----GlobalSign TSA for Advanced - G3 - 003-01

1 and 2 are the same timestamp.globalsign.com , DNS resolution, the vast majority of which was given to cloudflare, and a small part to fastly.com , part of China has been handed over to aliyun CDN (but recently HTTP 403 is not available in China)

DNS of 3 only resolves to cloudflare, and the stability is not necessarily worse than 1 and 2, everyone needs to actually test availability and speed based on their geographic location, I am used to MTR, compare loss and delay

@hmoffatt

This comment has been minimized.

Copy link

@hmoffatt hmoffatt commented Jun 11, 2020

http://timestamp.comodoca.com/rfc3161 is failing with Microsoft signtool right now. Changing server fixes it.

@sln162

This comment has been minimized.

Copy link

@sln162 sln162 commented Jun 11, 2020

@hmoffatt
ping1591840320
I just tested that signool can be used. I saw that your geographical location is Australia, so I started the test with multiple servers. There is no problem with the network. I guess it may be related to your signool settings.

Sectigo (comodoca) on May 31, Authenticode's timestamp certificate expired, so Authenticode cannot be used for signature, but it can be signed by using rfc3161, because they are different certificate chains. I think you may have this problem. Try changing the signtool parameter, adding / TD sha256, and forcing rfc3161

@hmoffatt

This comment has been minimized.

Copy link

@hmoffatt hmoffatt commented Jun 11, 2020

@JMK92 aha possibly because I am signing sha1 (then we sign sha256 next). I switched to timestamp.digicert.com.

@sln162

This comment has been minimized.

Copy link

@sln162 sln162 commented Jun 11, 2020

@hmoffatt I just tested that I can use sectigo (comodoca) double signature. It is OK for sha1 and sha256 to use it. The certificate is: Sectigo RSA Time Stamping Signer #1

@hmoffatt

This comment has been minimized.

Copy link

@hmoffatt hmoffatt commented Jun 11, 2020

@JMK92

signtool sign /v /f "my.p12" /p "mypassword" /tr "http://timestamp.comodoca.com/authenticode" /du "http://mydomain.com/" /fd sha1 "my.exe"
The following certificate was selected:

Done Adding Additional Store
SignTool Error: An unexpected internal error has occurred.
Error information: "Error: SignerSign() failed." (-2146869243/0x80096005)
@sln162

This comment has been minimized.

Copy link

@sln162 sln162 commented Jun 11, 2020

@hmoffatt
signtool sign /v /f "my.p12" /p "mypassword" /td sha256 /tr "http://timestamp.comodoca.com/rfc3161" /du "http://mydomain.com/" /fd sha1 "my.exe"

You try this, I added the / TD option, as well as the URL. In fact, sectigo (comodoca) can be used without / rfc3161. direct http://timestamp.comodoca.com , or http://timestamp.sectigo.com

@hmoffatt

This comment has been minimized.

Copy link

@hmoffatt hmoffatt commented Jun 11, 2020

Thanks that is working. It also works with the timestamp.digicert.com server, which is faster for me than the comodoca.com server.

@sln162

This comment has been minimized.

Copy link

@sln162 sln162 commented Jun 12, 2020

timestamp.globalsign.com Some time ago, due to the problem of CDN configuration in China, it could not be used. Now it has been fixed by them. Now it can be used normally in China

@VioletGiraffe

This comment has been minimized.

Copy link

@VioletGiraffe VioletGiraffe commented Jun 15, 2020

Thank you to @hmoffatt for bringing this up and to @JMK92 for explaining the problem and showing the solution. My automated builds suddenly started failing a couple weeks ago with a cryptic "SignTool internal error", which some suggested could be related to RFC time-stamping server, and indeed adding /td sha256 to signtool.exe command line worked. I'm using the http://timestamp.comodoca.com/rfc3161 server.

I still wonder what has changed, though. Did Comodo start defaulting to SHA-1 instead of SHA-256? Or did Signtool start requiring SHA-256 which previously was not a requirement? But signtool.exe didn't change, I literally have it in my repository under version control.

@yamamoto19730701

This comment has been minimized.

Copy link

@yamamoto19730701 yamamoto19730701 commented Jul 3, 2020

Although it is still under development, it is a service to put a time stamp on PDF, Image, Web page. It's still free now, so try it! (URL may change in the future)
I would be happy if you could give me your impressions.

https://ezts.net/

Tell me if you know the CA on the Adobe Approved Trust List that will sign your self-signed TSA certificate at a low cost.

@ylexus

This comment has been minimized.

Copy link

@ylexus ylexus commented Jul 27, 2020

Thank you to @hmoffatt for bringing this up and to @JMK92 for explaining the problem and showing the solution. My automated builds suddenly started failing a couple weeks ago with a cryptic "SignTool internal error", which some suggested could be related to RFC time-stamping server, and indeed adding /td sha256 to signtool.exe command line worked. I'm using the http://timestamp.comodoca.com/rfc3161 server.

I still wonder what has changed, though. Did Comodo start defaulting to SHA-1 instead of SHA-256? Or did Signtool start requiring SHA-256 which previously was not a requirement? But signtool.exe didn't change, I literally have it in my repository under version control.

Sectigo/Comodo acknowledged that there’s an issue with their time stamping server:

Thank you for contacting Sectigo Technical support. We are sorry for the delay in response. Yes, there is a issue with the timestamp server and our team is investigating the issue. We will get back to you with an update at earliest.

I am using Microsoft MSIX packaging tool which just stopped working with http://timestamp.comodoca.com/ recently.

@arulrajnet

This comment has been minimized.

Copy link

@arulrajnet arulrajnet commented Aug 6, 2020

@Manouchehri I found another one http://tsa.starfieldtech.com/

As per this they recommend to use http://timestamp.sectigo.com

we recommend you use a time stamp from http://timestamp.sectigo.com instead of http://timestamp.comodoca.com.

Verify TSA with openssl

touch test.txt
openssl ts -query -data test.txt -cert -sha256 -no_nonce -out request.tsq
cat request.tsq | curl -sSL -H 'Content-Type: application/timestamp-query' --data-binary @- http://timestamp.sectigo.com -o response.tsr
openssl ts -reply -in response.tsr -text
@Anku-k

This comment has been minimized.

Copy link

@Anku-k Anku-k commented Oct 3, 2020

@arulrajnet I am trying with option you have mentioned here I am getting error. It is on Windows Server OS
curl.exe -k --verbose -H 'Content-Type: application/timestamp-query' --data-binary @message.tsq http://tim
estamp.sectigo.com -o message.tsr
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0* Could not resolve host: application

  • Closing connection 0
    curl: (6) Could not resolve host: application
  • Rebuilt URL to: http://timestamp.sectigo.com/
  • Trying 91.199.212.79...
  • TCP_NODELAY set
  • Connected to timestamp.sectigo.com (91.199.212.79) port 80 (#1)

POST / HTTP/1.1
Host: timestamp.sectigo.com
User-Agent: curl/7.52.1
Accept: /
Content-Length: 59
Content-Type: application/x-www-form-urlencoded

  • upload completely sent off: 59 out of 59 bytes
    < HTTP/1.1 404 Not Found
    < Server: nginx
    < Date: Sat, 03 Oct 2020 02:55:40 GMT
    < Content-Type: text/html; charset=iso-8859-1
    < Content-Length: 268
    < Connection: keep-alive
    <
<title>404 Not Found</title>

Not Found

The requested URL was not found on this server.


Apache Server at timestamp.sectigo.com Port 443 * Curl_http_done: called premature == 0 * Connection #1 to host timestamp.sectigo.com left intact +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ When tried with sSL option no output. curl.exe -sSL --verbose -H 'Content-Type: application/timestamp-query' --data-binary @message.tsq http://ti mestamp.sectigo.com -o message.tsr Any advise?
@ragnarekker

This comment has been minimized.

Copy link

@ragnarekker ragnarekker commented Oct 13, 2020

Great compilation of timestamp authorities. Thanks!

Question: Why aren't servers generally on https? Its not important or..?

@Manouchehri

This comment has been minimized.

Copy link
Owner Author

@Manouchehri Manouchehri commented Nov 26, 2020

So for anyone wondering, here's a short list of which companies are "approved" by Adobe for signing: https://helpx.adobe.com/sign/using/custom-time-stamp-providers.html#ApprovedTimeStampProviders

There's also a longer list here: https://helpx.adobe.com/ca/acrobat/kb/approved-trust-list1.html

@arulrajnet That page is down at the moment, but I've replaced http://timestamp.comodoca.com/rfc3161 with http://timestamp.sectigo.com unless I hear otherwise. =)

@ragnarekker The signatures themselves can be validated, so HTTPS isn't technically required.

@mupaneu

This comment has been minimized.

Copy link

@mupaneu mupaneu commented Jan 6, 2021

zeitstempel.dfn.de is working fine on Linux when signing a LibreOfficeWriter to PDF export. I might try this on "my" Windows machine in LibreOffice in the office after lockdown as well. (A Windows machine is never mine, plus this is a machine my company owns.)

@zhanzhenzhen

This comment has been minimized.

Copy link

@zhanzhenzhen zhanzhenzhen commented Feb 15, 2021

I cannot use http://timestamp.digicert.com now. Anyone ran into the some problem?

@sln162

This comment has been minimized.

Copy link

@sln162 sln162 commented Feb 16, 2021

@zhanzhenzhen I test no problem, but in China digicert easy to connect timeout, slow access and even packet loss, so it is not recommended to use, I suggest you use it http://time.certum.pl

@zhanzhenzhen

This comment has been minimized.

Copy link

@zhanzhenzhen zhanzhenzhen commented Feb 16, 2021

@sln162 I tested again and yes it seems there's no problem with OpenSSL, but when I tried to timestamp a PDF document using the DigiCert TSA in Adobe Acrobat Reader DC, it said the protocol is not supported. In the past I can timestamp PDF documents using DigiCert TSA but now I can't. I don't know why.

@zhanzhenzhen

This comment has been minimized.

Copy link

@zhanzhenzhen zhanzhenzhen commented Feb 16, 2021

@sln162 Sorry for the stupid mistake. I didn't find that there's an error on DigiCert's page:

https://knowledge.digicert.com/generalinformation/INFO4231.html

On that page there's only one slash http:/. I just copy and paste that. OpenSSL is error-tolerant, but Adobe Acrobat isn't error-tolerant.

Now DigiCert works fine.

@ervinewell

This comment has been minimized.

Copy link

@ervinewell ervinewell commented Mar 3, 2021

On macOS, I specified http://timestamp.entrust.net/TSS/RFC3161sha2TS for codesigning, and this caused error CSSMERR_TP_NOT_TRUSTED when verifying the signature. I switched to http://timestamp.apple.com/ts1 and it worked.
Anybody knows why or other solutions?
image

@nihebe

This comment has been minimized.

Copy link

@nihebe nihebe commented Mar 10, 2021

Is anyone else getting a "server not found" in Adobe Reader for http://timestamp.globalsign.com/scripts/timestamp.dll?

Edit: Just saw that globalsign hosts another rfc3161 server at http://rfc3161timestamp.globalsign.com/advanced, which works perfectly in Adobe Reader. I'll go with that one from now on. :)

@seraphire

This comment has been minimized.

Copy link

@seraphire seraphire commented Mar 18, 2021

Does anyone know the state of the http://rfc3161timestamp.globalsign.com time servers? I was originally using standard, and that stopped working, went to advanced which was working for a week, and just now, it's redirecting me to a page that makes it look like it's now a paid service? Is it a temporary outage or did they just make it a paid product?

@davej

This comment has been minimized.

Copy link

@davej davej commented Mar 18, 2021

Hi @seraphire, just noticed the same. I'm not sure what's going on but I'm migrating to a different timestamp server.

@sln162

This comment has been minimized.

Copy link

@sln162 sln162 commented Mar 18, 2021

First, SHA1 of globalsign has stopped supporting. Reference News: https://globalsign.cn/news/newsdetail_93.shtml
http://timestamp.globalsign.com/scripts/timstamp.dll is SHA1,so it's not available.
http://rfc3161timestamp.globalsign.com/advanced It can't be used half an hour ago. Just now, it's no problem. It may not be stable. You can use other ones first

@cassolmc

This comment has been minimized.

Copy link

@cassolmc cassolmc commented Mar 18, 2021

@seraphire It's a temporary outage...
image

@davej

This comment has been minimized.

Copy link

@davej davej commented Mar 18, 2021

Thanks @cassolmc. Here's the GlobalSign status URL for anyone looking for it. https://status.globalsign.com/

@elbosso

This comment has been minimized.

Copy link

@elbosso elbosso commented Mar 19, 2021

This is maybe a little off topic - but I built such a server for self hosting. It can be found at https://github.com/elbosso/rfc3161timestampingserver

@KumG

This comment has been minimized.

Copy link

@KumG KumG commented Mar 29, 2021

What is the difference between http://timestamp.globalsign.com/?signature=sha2 and http://rfc3161timestamp.globalsign.com/advanced ?

The first one is not RFC3161 compliant ? Does it change anything ?

@LukeSesame

This comment has been minimized.

Copy link

@LukeSesame LukeSesame commented Apr 2, 2021

Hey Guys, i'm new in java and i want someone to help me. i need to know how to implement a Timestamp method/function using these TSA...
i want to know how to timestamp files.
Thank you.

@elbosso

This comment has been minimized.

Copy link

@elbosso elbosso commented Apr 3, 2021

Hey Guys, i'm new in java and i want someone to help me. i need to know how to implement a Timestamp method/function using these TSA...
i want to know how to timestamp files.
Thank you.

Well - you can try and have a look at https://github.com/elbosso/rfc3161client

@go2ready

This comment has been minimized.

Copy link

@go2ready go2ready commented Apr 21, 2021

Hi guys, I just found a new free TSA. http://tsa.mesign.com
I found it from their website: https://www.mesign.com/en-us/tsa/index.html
Hope this helps.

@sln162

This comment has been minimized.

Copy link

@sln162 sln162 commented May 4, 2021

@go2ready It cannot be used for program signing.

@Neepawa

This comment has been minimized.

Copy link

@Neepawa Neepawa commented Jun 8, 2021

I did a complete review of every site on this list by trying to connect to them using elinks, a text-mode browser. Here are my results:

https://freetsa.org
-- YES! THIS ONE ACTUALLY WORKS!
-- It gives detailed instructions on how to use it with the OpenSSL toolset
-- Has a form where you can give data to the browsers, which will send a hash to their server

http://timestamp.globalsign.com/scripts/timstamp.dll
http://timestamp.globalsign.com/?signature=sha2
http://rfc3161timestamp.globalsign.com/advanced
-- These sites all bring up the same page. It appears they no longer offer a free service.

https://timestamp.geotrust.com/tsa
-- Timed out

http://timestamp.sectigo.com
-- No longer a free service; must sign up for a trial. Their only link to a client application is from Microsoft.

http://timestamp.wosign.com
http://tsa.startssl.com/rfc3161
-- These two timed out with no output.

http://time.certum.pl
-- Retured the following output:
Time Stamp Service Version 2.0
Can only POST to TSA server.

http://timestamp.digicert.com
-- No ouput. Digicert no longer appears to offer anything for free, not even email sigining.

http://dse200.ncipher.com/TSS/HttpTspServer
-- Timed out; no output

http://tsa.safecreative.org
-- Page indicates the service is shutting down in July 2021

http://zeitstempel.dfn.de
-- Page returns the following text (from elinks):
DFN-Verein Kontakt und Support
Fehler
Ein Fehler ist aufgetreten.
Mit freundlichen Grüßen
Ihr DFN-PKI-Team
Impressum

https://ca.signfiles.com/tsa/get.aspx
-- Connect successfully; got back the following:
RFC 3161 and Autheticode TSA Server

http://services.globaltrustfinder.com/adss/tsa
https://tsp.iaik.tugraz.at/tsp/TspRequest
-- Both pages failed to respond; I had to kill elinks

http://timestamp.apple.com/ts01
-- Returns a page with a list of Apple's certificates

http://timestamp.entrust.net/TSS/RFC3161sha2TS
-- Connect successfully but got no output. It might be expecting POST data.

http://tsa.starfieldtech.com/
-- Site no longer exists

@Neepawa

This comment has been minimized.

Copy link

@Neepawa Neepawa commented Jun 8, 2021

David, it appears you're actively maintaining the list. I'd like to suggest you add text to the gist indicating when was the last time you updated it.

@Outtay

This comment has been minimized.

Copy link

@Outtay Outtay commented Jun 9, 2021

@Neepawa
Pretty sure that this is not the way to test if they work or not. I'm still not entirely sure how to easily fully verify if the services are working, but if you look at freetsa.org in the "Basics: TCP-based client" it shows how the services can be talked to via openssl and curl.
Then you can see in the resulting tsr file whether it worked and so for example http://timestamp.digicert.com seems to output valid data. And so does http://rfc3161timestamp.globalsign.com/advanced

@Siebje

This comment has been minimized.

Copy link

@Siebje Siebje commented Jun 15, 2021

Note that there is a new GlobalSign URL:
http://timestamp.globalsign.com/tsa/r6advanced1

I just used it and it works for me. The other GlobalSign URLs seem to be dead indeed.

@DarkIrata

This comment has been minimized.

Copy link

@DarkIrata DarkIrata commented Jun 22, 2021

Don't use https://ca.signfiles.com/tsa/get.aspx
It is a demo server with open configuration.

More informations: https://www.signfiles.com/timestamping/

@JohnPlanetary

This comment has been minimized.

Copy link

@JohnPlanetary JohnPlanetary commented Jul 12, 2021

As of 12-JULY-2021 here are the TSA that I know work and are available for real use:

Digicert:
http://timestamp.digicert.com
Credible: Yes . [Adobe Approved Trust List] and [Windows Cert Store].
Hash: up to SHA512

GlobalSign:
http://aatl-timestamp.globalsign.com/tsa/aohfewat2389535fnasgnlg5m23
Credible: Yes . [Adobe Approved Trust List] and [Windows Cert Store].
Hash: up to SHA512

Sectigo:
https://timestamp.sectigo.com
Credible: Yes . [Adobe Approved Trust List] and [Windows Cert Store].
Hash: up to SHA512
Note: wait 15 seconds between each request.

Entrust:
http://timestamp.entrust.net/TSS/RFC3161sha2TS
Credible: Yes . [Adobe Approved Trust List] and [Windows Cert Store].
Hash: up to SHA512

SwissSign:
http://tsa.swisssign.net
Credible: Yes . [Adobe Approved Trust List] and [Windows Cert Store].
Hash: up to SHA512
Note: only 10 requests per day. For bigger quantities contact the company.

IDnomic:
http://kstamp.keynectis.com/KSign/
Credible: Yes . [Adobe: European Union Trusted Lists] and [Windows Cert Store].
Hash: up to SHA512

QuoVadis + Digicert:
http://tsa.quovadisglobal.com/TSS/HttpTspServer
Credible: Yes . [Adobe Approved Trust List] and [Windows Cert Store].
Hash: up to SHA512

IRN:
http://ts.cartaodecidadao.pt/tsa/server
Credible: Yes . [Adobe: European Union Trusted Lists] and [Windows Cert Store].
Hash: only SHA256
Note: only allows 20 requests in 20 minutes, if more requests are done the IP address will be blocked and legal consequences may happen.

ACCV:
http://tss.accv.es:8318/tsa
Credible: Yes . [Adobe: European Union Trusted Lists] and [Windows Cert Store].
Hash: up to SHA512

IZENPE:
http://tsa.izenpe.com
Credible: Yes . [Adobe: European Union Trusted Lists].
Hash: up to SHA512

CERTUM:
http://time.certum.pl
Credible: Yes . [Windows Cert Store]
Hash: up to SHA512

DFN:
http://zeitstempel.dfn.de
Credible: Yes . [Windows Cert Store]
Hash: up to SHA512
Note: commercial use forbidden.

CatCert:
http://psis.catcert.cat/psis/catcert/tsp
Credible: Yes . [Windows Cert Store]
Hash: up to SHA512

Symantec
http://sha256timestamp.ws.symantec.com/sha256/timestamp
Credible: Yes . [Windows Cert Store]
Hash: up to SHA512

GlobaSign:
http://rfc3161timestamp.globalsign.com/advanced
http://timestamp.globalsign.com/tsa/r6advanced1
Credible: Yes . [Windows Cert Store]
Hash: up to SHA512

Apple:
http://timestamp.apple.com/ts01
Credible: Yes. [Apple CA]
Hash: up to SHA512

FreeTSA:
https://freetsa.org/tsr
Credible: No.
Hash: up to SHA512

SafeStamper:
https://www.safestamper.com/tsa
Credible: No.
Hash: up to SHA512
Note: up to 5 requests per day. For bigger quantities contact the company.

MeSign:
http://tsa.mesign.com
Credible: No.
Hash: up to SHA512

WoTrust:
https://tsa.wotrus.com
Credible: No.
Hash: only SHA256
Note: wait 15 seconds between each request.

Lex-Persona:
http://tsa.lex-persona.com/tsa
Credible: No.
Hash: up to SHA512

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment