http://timestamp.globalsign.com/scripts/timstamp.dll | |
http://timestamp.globalsign.com/?signature=sha2 | |
http://rfc3161timestamp.globalsign.com/advanced | |
https://timestamp.geotrust.com/tsa | |
http://timestamp.sectigo.com | |
http://timestamp.wosign.com | |
http://tsa.startssl.com/rfc3161 | |
http://time.certum.pl | |
http://timestamp.digicert.com | |
https://freetsa.org | |
http://dse200.ncipher.com/TSS/HttpTspServer | |
http://tsa.safecreative.org | |
http://zeitstempel.dfn.de | |
https://ca.signfiles.com/tsa/get.aspx | |
http://services.globaltrustfinder.com/adss/tsa | |
https://tsp.iaik.tugraz.at/tsp/TspRequest | |
http://timestamp.apple.com/ts01 | |
http://timestamp.entrust.net/TSS/RFC3161sha2TS | |
http://tsa.starfieldtech.com/ |
This comment has been minimized.
This comment has been minimized.
I finded new TSA server. You can use |
This comment has been minimized.
This comment has been minimized.
@Manouchehri ,, Thanks for compiling this list. My interest is in free general-purpose timestamping service (e.g. stamping pdf, zip files) and this page was near the top of Google's search results, so a good starting point for a comprehensive list of freeTSA servers, but some of the links appear to be dead dse200.ncipher.com/TSS/HttpTspServer : address could not be found for either the full URL or the base address dse200.ncipher.com. timestamp.geotrust.com/tsa : has been retired by Symantec and replaced with sha256timestamp.ws.symantec.com/sha256/timestamp (see INFORMATIONAL | Discontinued Use of (Legacy) SHA1 RFC 3161 timestamp service - DigiCert) and appears to be a direct link to their RFC3161 timestamper and not a "landing" page. Not 100% certain but it looks like the "timestamp.dll" links are direct RFC3161 timestamp server links designed to be used for code-signing only (possibly by Microsoft's SignTool). For what I came to this page for the best current (1/19/2019) link for genuinely free general-purpose timestamping is freetsa.org. No time to go through all the links, but this of interest so I will update this comment as time allows. Thanks again for the scholarship compiling this resource. |
This comment has been minimized.
This comment has been minimized.
Excellent resource! Is anyone generating, signing and timestamping PDFs on the fly? Currently working with TCPDF which signs ok but does not have time stamping implemented. |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
@jonybuzz Thanks, added. @haleba-hotmail dse200.ncipher.com still resolves fine here. Could you try again? |
This comment has been minimized.
This comment has been minimized.
@seagate00 Getting a connection refused for |
This comment has been minimized.
This comment has been minimized.
Double checked and it looks like the ncipher link is purely a timestamping server to be accessed via software like openssl and not a web site based service like freetsa, so simply putting the base address in a browser yields a "no page found" error, but it resolves fine in tracert. |
This comment has been minimized.
This comment has been minimized.
Looks like http://timestamp.globalsign.com/scripts/timstamp.dll is now paid product.
|
This comment has been minimized.
This comment has been minimized.
http://tsa.startssl.com/rfc3161 |
This comment has been minimized.
This comment has been minimized.
Edit: The downtime of the verisign service was temporary, and it came back online a few hours after going down. |
This comment has been minimized.
This comment has been minimized.
I tried using 1st URL (symantec) but it did not work. |
This comment has been minimized.
This comment has been minimized.
Digicert has announced that the former Verisign and Symantec time stamping services are deprecated; see [https://knowledge.digicert.com/alerts/migration-of-legacy-verisign-and-symantec-time-stamping-services.html] for their announcement. The three services timestamp.verisign.com/scripts/timstamp.dll, sha1timestamp.ws.symantec.com/sha1/timestamp, and sha256timestamp.ws.symantec.com/sha256/timestamp will go offline on or about Oct 31, 2019. They provide timestamp.digicert.com as the recommended replacement. |
This comment has been minimized.
This comment has been minimized.
@RPaulProxy Thanks for the heads up, I've removed those two from my list. I think long term it'd be a good idea to put this list into a library like https://github.com/trbs/rfc3161ng where URLs could be tested automatically. |
This comment has been minimized.
This comment has been minimized.
This works fine Thanks mate |
This comment has been minimized.
This comment has been minimized.
Anyone here has any experience with a Philippine-based TSA? |
This comment has been minimized.
This comment has been minimized.
FreeTSA does not work in Adobe Acroboat. FreeTSA just gives an error message, then Adobe grabs time from the own computer. For many of the above TSAI get I validation error (in Adobe Acrobat PRO) that Are there any free/open TSAs that yield verifiable timestamps? |
This comment has been minimized.
This comment has been minimized.
@JohanVeBe Try |
This comment has been minimized.
This comment has been minimized.
Thanks! |
This comment has been minimized.
This comment has been minimized.
Hi Everyone :) Just giving feedback in the latest list of Timestamping Servers, using Foxit Reader v9.7.2, located here in the Philippines on the PLDT network:
http://time.certum.pl
http://timestamp.apple.com/ts01
https://timestamp.geotrust.com/tsa |
This comment has been minimized.
This comment has been minimized.
@Manouchehri |
This comment has been minimized.
This comment has been minimized.
@jmk92: Thanks! Before I add it to the list, what's the difference between |
This comment has been minimized.
This comment has been minimized.
@Manouchehri
1)GlobalSign Root CA ----GlobalSign Timestamping CA - G2----GlobalSign TSA for Standard - G2 1 and 2 are the same timestamp.globalsign.com , DNS resolution, the vast majority of which was given to cloudflare, and a small part to fastly.com , part of China has been handed over to aliyun CDN (but recently HTTP 403 is not available in China) DNS of 3 only resolves to cloudflare, and the stability is not necessarily worse than 1 and 2, everyone needs to actually test availability and speed based on their geographic location, I am used to MTR, compare loss and delay |
This comment has been minimized.
This comment has been minimized.
http://timestamp.comodoca.com/rfc3161 is failing with Microsoft signtool right now. Changing server fixes it. |
This comment has been minimized.
This comment has been minimized.
@hmoffatt Sectigo (comodoca) on May 31, Authenticode's timestamp certificate expired, so Authenticode cannot be used for signature, but it can be signed by using rfc3161, because they are different certificate chains. I think you may have this problem. Try changing the signtool parameter, adding / TD sha256, and forcing rfc3161 |
This comment has been minimized.
This comment has been minimized.
@jmk92 aha possibly because I am signing sha1 (then we sign sha256 next). I switched to timestamp.digicert.com. |
This comment has been minimized.
This comment has been minimized.
@hmoffatt I just tested that I can use sectigo (comodoca) double signature. It is OK for sha1 and sha256 to use it. The certificate is: Sectigo RSA Time Stamping Signer #1 |
This comment has been minimized.
This comment has been minimized.
@jmk92
|
This comment has been minimized.
This comment has been minimized.
@hmoffatt You try this, I added the / TD option, as well as the URL. In fact, sectigo (comodoca) can be used without / rfc3161. direct http://timestamp.comodoca.com , or http://timestamp.sectigo.com |
This comment has been minimized.
This comment has been minimized.
Thanks that is working. It also works with the timestamp.digicert.com server, which is faster for me than the comodoca.com server. |
This comment has been minimized.
This comment has been minimized.
|
This comment has been minimized.
This comment has been minimized.
Thank you to @hmoffatt for bringing this up and to @jmk92 for explaining the problem and showing the solution. My automated builds suddenly started failing a couple weeks ago with a cryptic "SignTool internal error", which some suggested could be related to RFC time-stamping server, and indeed adding I still wonder what has changed, though. Did Comodo start defaulting to SHA-1 instead of SHA-256? Or did Signtool start requiring SHA-256 which previously was not a requirement? But |
This comment has been minimized.
This comment has been minimized.
Although it is still under development, it is a service to put a time stamp on PDF, Image, Web page. It's still free now, so try it! (URL may change in the future) Tell me if you know the CA on the Adobe Approved Trust List that will sign your self-signed TSA certificate at a low cost. |
This comment has been minimized.
This comment has been minimized.
Sectigo/Comodo acknowledged that there’s an issue with their time stamping server:
I am using Microsoft MSIX packaging tool which just stopped working with http://timestamp.comodoca.com/ recently. |
This comment has been minimized.
This comment has been minimized.
@Manouchehri I found another one http://tsa.starfieldtech.com/ As per this they recommend to use http://timestamp.sectigo.com
Verify TSA with openssl
|
This comment has been minimized.
This comment has been minimized.
@arulrajnet I am trying with option you have mentioned here I am getting error. It is on Windows Server OS
Not FoundThe requested URL was not found on this server. Apache Server at timestamp.sectigo.com Port 443 * Curl_http_done: called premature == 0 * Connection #1 to host timestamp.sectigo.com left intact +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ When tried with sSL option no output. curl.exe -sSL --verbose -H 'Content-Type: application/timestamp-query' --data-binary @message.tsq http://ti mestamp.sectigo.com -o message.tsr Any advise? |
This comment has been minimized.
This comment has been minimized.
Great compilation of timestamp authorities. Thanks! Question: Why aren't servers generally on https? Its not important or..? |
This comment has been minimized.
This comment has been minimized.
So for anyone wondering, here's a short list of which companies are "approved" by Adobe for signing: https://helpx.adobe.com/sign/using/custom-time-stamp-providers.html#ApprovedTimeStampProviders There's also a longer list here: https://helpx.adobe.com/ca/acrobat/kb/approved-trust-list1.html @arulrajnet That page is down at the moment, but I've replaced @ragnarekker The signatures themselves can be validated, so HTTPS isn't technically required. |
This comment has been minimized.
This comment has been minimized.
zeitstempel.dfn.de is working fine on Linux when signing a LibreOfficeWriter to PDF export. I might try this on "my" Windows machine in LibreOffice in the office after lockdown as well. (A Windows machine is never mine, plus this is a machine my company owns.) |
This comment has been minimized.
I'm finding a free TSA that optimized for Asia users.
Do you know any?
(All above servers take at least 200ms for a ping response)
PS: The first server I've found is: http://tsa.wotrus.com (~75ms)