Skip to content

Instantly share code, notes, and snippets.

@Manouchehri Manouchehri/rfc3161.txt
Last active May 22, 2020

Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
List of free rfc3161 servers.
Raw
rfc3161.txt
http://timestamp.globalsign.com/scripts/timstamp.dll
https://timestamp.geotrust.com/tsa
http://timestamp.comodoca.com/rfc3161
http://timestamp.wosign.com
http://tsa.startssl.com/rfc3161
http://time.certum.pl
http://timestamp.digicert.com
https://freetsa.org
http://dse200.ncipher.com/TSS/HttpTspServer
http://tsa.safecreative.org
http://zeitstempel.dfn.de
https://ca.signfiles.com/tsa/get.aspx
http://services.globaltrustfinder.com/adss/tsa
https://tsp.iaik.tugraz.at/tsp/TspRequest
http://timestamp.apple.com/ts01
http://timestamp.entrust.net/TSS/RFC3161sha2TS
@trinhpham

This comment has been minimized.

Sign in to view
Copy link

trinhpham commented Jul 13, 2018

I'm finding a free TSA that optimized for Asia users.
Do you know any?

(All above servers take at least 200ms for a ping response)

PS: The first server I've found is: http://tsa.wotrus.com (~75ms)
@seagate00

This comment has been minimized.

Sign in to view
Copy link

seagate00 commented Nov 25, 2018
edited

I finded new TSA server. You can use

http://oscp.cocbuilder.su/tsa.php
@haleba-hotmail

This comment has been minimized.

Sign in to view
Copy link

haleba-hotmail commented Jan 13, 2019

@Manouchehri ,,

Thanks for compiling this list.

My interest is in free general-purpose timestamping service (e.g. stamping pdf, zip files) and this page was near the top of Google's search results, so a good starting point for a comprehensive list of freeTSA servers, but some of the links appear to be dead

dse200.ncipher.com/TSS/HttpTspServer : address could not be found for either the full URL or the base address dse200.ncipher.com.

timestamp.geotrust.com/tsa : has been retired by Symantec and replaced with sha256timestamp.ws.symantec.com/sha256/timestamp (see INFORMATIONAL | Discontinued Use of (Legacy) SHA1 RFC 3161 timestamp service - DigiCert) and appears to be a direct link to their RFC3161 timestamper and not a "landing" page.

Not 100% certain but it looks like the "timestamp.dll" links are direct RFC3161 timestamp server links designed to be used for code-signing only (possibly by Microsoft's SignTool).

For what I came to this page for the best current (1/19/2019) link for genuinely free general-purpose timestamping is freetsa.org. No time to go through all the links, but this of interest so I will update this comment as time allows.

Thanks again for the scholarship compiling this resource.
@mcarpenterjr

This comment has been minimized.

Sign in to view
Copy link

mcarpenterjr commented Jan 25, 2019
edited

Excellent resource! Is anyone generating, signing and timestamping PDFs on the fly? Currently working with TCPDF which signs ok but does not have time stamping implemented.
@jonybuzz

This comment has been minimized.

Sign in to view
Copy link

jonybuzz commented Jun 6, 2019

http://timestamp.entrust.net/TSS/RFC3161sha2TS
@Manouchehri

This comment has been minimized.

Sign in to view
Copy link
Owner Author

Manouchehri commented Jun 6, 2019

@jonybuzz Thanks, added.

@haleba-hotmail dse200.ncipher.com still resolves fine here. Could you try again?
@Manouchehri

This comment has been minimized.

Sign in to view
Copy link
Owner Author

Manouchehri commented Jun 6, 2019

@seagate00 Getting a connection refused for http://oscp.cocbuilder.su/tsa.php.
@haleba-hotmail

This comment has been minimized.

Sign in to view
Copy link

haleba-hotmail commented Jun 7, 2019

@Manouchehri

Double checked and it looks like the ncipher link is purely a timestamping server to be accessed via software like openssl and not a web site based service like freetsa, so simply putting the base address in a browser yields a "no page found" error, but it resolves fine in tracert.
@Silvenga

This comment has been minimized.

Sign in to view
Copy link

Silvenga commented Jun 13, 2019

Looks like http://timestamp.globalsign.com/scripts/timstamp.dll is now paid product.

GlobalSign's trusted timestamping Software as a Service (SaaS) provides a low cost and easy method
@DarkIrata

This comment has been minimized.

Sign in to view
Copy link

DarkIrata commented Jul 11, 2019

http://tsa.startssl.com/rfc3161
http://tsp.iaik.tugraz.at/tsp/TspRequest
Can be removed from the list. While they get sign successfully, they aren't trusted by windows.
@who

This comment has been minimized.

Sign in to view
Copy link

who commented Jul 11, 2019
edited

It appears that http://timestamp.verisign.com/scripts/timstamp.dll no longer functions.

Edit: The downtime of the verisign service was temporary, and it came back online a few hours after going down.
@AbhiVaze2695

This comment has been minimized.

Sign in to view
Copy link

AbhiVaze2695 commented Oct 16, 2019

I tried using 1st URL (symantec) but it did not work.
I want to sign the exe file using SHA256. And I'm using C# language.
Is there any other URL which can be used for SHA256?
Please help.. Its urgent.
Thanks in advance!!!
@RPaulProxy

This comment has been minimized.

Sign in to view
Copy link

RPaulProxy commented Oct 17, 2019

Digicert has announced that the former Verisign and Symantec time stamping services are deprecated; see [https://knowledge.digicert.com/alerts/migration-of-legacy-verisign-and-symantec-time-stamping-services.html] for their announcement. The three services timestamp.verisign.com/scripts/timstamp.dll, sha1timestamp.ws.symantec.com/sha1/timestamp, and sha256timestamp.ws.symantec.com/sha256/timestamp will go offline on or about Oct 31, 2019. They provide timestamp.digicert.com as the recommended replacement.
@Manouchehri

This comment has been minimized.

Sign in to view
Copy link
Owner Author

Manouchehri commented Oct 20, 2019

@RPaulProxy Thanks for the heads up, I've removed those two from my list.

I think long term it'd be a good idea to put this list into a library like https://github.com/trbs/rfc3161ng where URLs could be tested automatically.
@jeraldfdo

This comment has been minimized.

Sign in to view
Copy link

jeraldfdo commented Dec 4, 2019

I'm finding a free TSA that optimized for Asia users.
Do you know any?

(All above servers take at least 200ms for a ping response)

PS: The first server I've found is: http://tsa.wotrus.com (~75ms)

This works fine Thanks mate
@n1tr0narc

This comment has been minimized.

Sign in to view
Copy link

n1tr0narc commented May 16, 2020

Anyone here has any experience with a Philippine-based TSA?
@JohanVeBe

This comment has been minimized.

Sign in to view
Copy link

JohanVeBe commented May 19, 2020
edited

FreeTSA does not work in Adobe Acroboat. FreeTSA just gives an error message, then Adobe grabs time from the own computer.

For many of the above TSAI get I validation error (in Adobe Acrobat PRO) that
"The signature includes an embedded timestamp but it could not be verified".
I get this validation error for:
http://zeitstempel.dfn.de
https://tsp.iaik.tugraz.at/tsp/TspRequest
http://time.certum.pl
http://dss.nowina.lu/pki-factory/tsa/good-tsa
http://time.certum.pl
http://timestamp.digicert.com

Are there any free/open TSAs that yield verifiable timestamps?
@Manouchehri

This comment has been minimized.

Sign in to view
Copy link
Owner Author

Manouchehri commented May 19, 2020
edited

@JohanVeBe Try http://timestamp.digicert.com. That's likely a CA you already have whitelisted.
@JohanVeBe

This comment has been minimized.

Sign in to view
Copy link

JohanVeBe commented May 19, 2020

@JohanVeBe Try http://timestamp.digicert.com. That's likely a CA you already have whitelisted.

Thanks!
Yes, that one works!
@n1tr0narc

This comment has been minimized.

Sign in to view
Copy link

n1tr0narc commented May 20, 2020

Hi Everyone :) Just giving feedback in the latest list of Timestamping Servers, using Foxit Reader v9.7.2, located here in the Philippines on the PLDT network:

  1. Works with actual name displayed:

http://time.certum.pl
http://timestamp.comodoca.com/rfc3161
http://timestamp.entrust.net/TSS/RFC3161sha2TS
http://timestamp.globalsign.com/scripts/timstamp.dll
added: http://tsa.wotrus.com

  1. Works, but does not display signers name or wrong signers name displayed:

http://timestamp.apple.com/ts01
http://timestamp.digicert.com
https://ca.signfiles.com/tsa/get.aspx
http://tsa.startssl.com/rfc3161
https://freetsa.org

  1. Does not work either network anomaly or corrupt PDF:

https://timestamp.geotrust.com/tsa
http://timestamp.wosign.com
http://dse200.ncipher.com/TSS/HttpTspServer
http://tsa.safecreative.org
http://zeitstempel.dfn.de
http://services.globaltrustfinder.com/adss/tsa
https://tsp.iaik.tugraz.at/tsp/TspRequest
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.