Is the Verisign Timestamp server down? [closed]

Asked 2/1, 2021 at 17:6 Answered 6/1, 2021 at 18:51

I was trying to build my setup scripts with Inno Setup these past two days (1 & 2 Jan 2021) and the digital signing was failing. So I contacted Verisign via email and await their response.

Recension answered 2/1, 2021 at 17:6 Comment(0)

I received an official response from Verisign this afternoon (on 2 Jan 2021):

Thank you for contacting Verisign Support.

This server was deprecated after our authentication services were sold to Symantec, which is now Digicert. You can find a list of free timestamp servers online or theirs is now at http://timestamp.digicert.com.

If you have additional questions, please do not hesitate to contact us.

So the http://timestamp.verisign.com timestamp server is no more.

At the moment I know of the following alternatives (in addition to Digicert above) which work well:

http://timestamp.comodoca.com/authenticode
http://timestamp.globalsign.com/scripts/timestamp.dll
http://tsa.starfieldtech.com

Recension answered 2/1, 2021 at 17:6 Comment(9)

I wasn't able to find any public posts about this. Did they point you to any deprecation announcements? It seems like this was completely announced. – Vincennes 4/1, 2021 at 22:3

@Vincennes No, I emailed their support and I copy / pasted their response to me. – Recension 4/1, 2021 at 22:4

Note about timestamp.comodoca.com/authenticode : I stopped using that one in June 2020 because it started generating broken timestamps, I believe due to an expired root certificate. – Natalienatalina 7/1, 2021 at 16:51

Another note about tsa.starfieldtech.com: this one does not seem reliable, I think it bans IP that do "too much" signing. – Natalienatalina 11/1, 2021 at 9:3

Tried pinging the timestamp.digicert.com today and got Request timed out. timestamp.globalsign.com appears to be alive. – Cooe 11/2, 2021 at 12:0

Another one you can use is http://timestamp.sectigo.com (see sectigo.com/resource-library/time-stamping-server for details) – Horn 24/5, 2021 at 9:46

Regarding ping: The timestamping server will not respond to any other network probes (such as a ping or a tracert.). This is from knowledge.digicert.com/solution/SO912.html – Edom 29/6, 2022 at 12:29

Even I am getting this below, is this down ? Failed to convert timestamp reply from timestamp.comodoca.com/authenticode; HTTP status 404 – Vermiculation 27/1, 2023 at 9:16

@Vermiculation when I clicked that link it redirected to: sectigo.com/resource-library/time-stamping-server. Did you see the comment dated Jan 7, 2021 by WimCoenen ? – Recension 27/1, 2023 at 13:56

When using Microsoft's SignTool.exe

Change the timestamping server (-t):

Before: signcode -t "http://timestamp.verisign.com/scripts/timstamp.dll" (defunct)
After: signcode -t "http://timestamp.digicert.com"

Butler answered 6/1, 2021 at 18:51 Comment(4)

If someone was already signing their executables they would surely know how to change the server used for the timestamp? – Recension 6/1, 2021 at 18:53

@AndrewTruckle Exactly. And in order to help along the process, and since stackoverflow is also a wiki, i'm providing the information to others to help them along. No reason they have to suffer through remembering all these details that they laid down in a .cmd file 17 years ago and haven't thought about since. – Butler 6/1, 2021 at 18:56

Fair enough. Then you might want to flesh your answer out with a direct link to teh SignTool documentation at Microsoft: learn.microsoft.com/en-us/windows/win32/seccrypto/signtool Up to you! – Recension 6/1, 2021 at 19:5

@IanBoyd This was a life saver. The 'someone' left the company and left no instructions. The server that had the data crashed and there were no backups. Two groups thought the other group was responsible for backups. So I was left with black hole. – Uncle 28/1, 2021 at 16:42

Recommended topics

Hot tags