Skip to content

Instantly share code, notes, and snippets.

@Manouchehri
Last active June 7, 2024 09:52
Show Gist options
  • Save Manouchehri/fd754e402d98430243455713efada710 to your computer and use it in GitHub Desktop.
Save Manouchehri/fd754e402d98430243455713efada710 to your computer and use it in GitHub Desktop.
List of free rfc3161 servers.
https://rfc3161.ai.moda
https://rfc3161.ai.moda/adobe
https://rfc3161.ai.moda/microsoft
https://rfc3161.ai.moda/apple
https://rfc3161.ai.moda/any
http://rfc3161.ai.moda
http://timestamp.digicert.com
http://timestamp.globalsign.com/tsa/r6advanced1
http://rfc3161timestamp.globalsign.com/advanced
http://timestamp.sectigo.com
http://timestamp.apple.com/ts01
http://tsa.mesign.com
http://time.certum.pl
https://freetsa.org
http://tsa.startssl.com/rfc3161
http://dse200.ncipher.com/TSS/HttpTspServer
http://zeitstempel.dfn.de
https://ca.signfiles.com/tsa/get.aspx
http://services.globaltrustfinder.com/adss/tsa
https://tsp.iaik.tugraz.at/tsp/TspRequest
http://timestamp.entrust.net/TSS/RFC3161sha2TS
@tostercx
Copy link

tostercx commented Oct 28, 2021

http://tsa.baltstamp.lt

In EU trust list, up to SHA512

Limitation applies to non-registered users: no more than 100 requests within one month; the beginning and the end of the month are defined in UTC time.

@Sean-creative
Copy link

It helped me a lot. Thank you :)

@Manouchehri
Copy link
Author

I've added my experimental load balancer to this list. Hopefully, the first URL should "just work" for most applications like Adobe, but you can specify the type of service by appending it to the URL too.

@venerguevarra
Copy link

This http://tsa.starfieldtech.com/ doesn't work anymore

@Manouchehri
Copy link
Author

You're right, thanks. Removed it from the list completely.

dave@mbp ~ % dig tsa.starfieldtech.com @8.8.8.8 +tcp

; <<>> DiG 9.10.6 <<>> tsa.starfieldtech.com @8.8.8.8 +tcp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20019
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;tsa.starfieldtech.com.		IN	A

;; AUTHORITY SECTION:
starfieldtech.com.	1614	IN	SOA	cns1.secureserver.net. dns.jomax.net. 2023011200 3600 600 1209600 3600

;; Query time: 60 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Jan 27 15:33:35 EST 2023
;; MSG SIZE  rcvd: 117

@venerguevarra
Copy link

@Manouchehri Thank you. I think the list should also not contain the following as they are not working anymore

@Manouchehri
Copy link
Author

You are correct. My team had already removed those from our rfc3161.ai.moda load balancer, but I forgot to update the list here too.

@karelbilek
Copy link

@vasekkral
Copy link

vasekkral commented Nov 21, 2023

http://ts.ssl.com

Is there link to certificate(s) that are used for the TimeStamp? We need to put them into trusted list.

Found here: https://www.ssl.com/how-to/install-ssl-com-ca-root-certificates/

@karelbilek
Copy link

@JohnPlanetary WOW thanks for that list, it really helped.

@JohnPlanetary
Copy link

@JohnPlanetary WOW thanks for that list, it really helped.

Happy for having been useful.

@mherrmann
Copy link

Do https:// URLs actually work for anyone with signtool? I'm getting:

SignTool Error: Invalid Timestamp URL: https://...

Both for signtool /t and for signtool /tr.

@JohnPlanetary
Copy link

I've tried the https:// url's and no, it is not working, it appears the same error.

SignTool sign /fd SHA512 /a /f certificate.pfx /p MYPASSWORD /td SHA384 /tr https://timestamp.sectigo.com c:\sign\MyProgram.exe
SignTool Error: Invalid Timestamp URL: https://timestamp.sectigo.com

The good news is that the http:// still works fine, and most common TimeStamp servers don't even have the https:// version working at all.
But I'm sure the https version did work fine on the past, some update to Windows must have messed up things.

I've had the Windows SDK signing tool 10.0.19041.0, but even in the latest 10.0.22621.0 that I downloaded from: https://developer.microsoft.com/en-us/windows/downloads/windows-sdk/ still doesn't work, so isn't just a question of updating the tool, unfortunately something else probably needs to be changed by Microsoft.

@Manouchehri
Copy link
Author

My http://rfc3161.ai.moda load balancer should work fine over HTTP. I didn’t add it to the list because I want to encourage everyone to use HTTPS, but it works fine if you must use HTTP.

@danvy
Copy link

danvy commented May 30, 2024

My http://rfc3161.ai.moda load balancer should work fine over HTTP. I didn’t add it to the list because I want to encourage everyone to use HTTPS, but it works fine if you must use HTTP.

@Manouchehri Could you explain what's behind this service ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment