[openssl-users] Question about timestamps

Alex Samad alex at samad.com.au
Fri Apr 8 05:39:20 UTC 2016


I am trying to use a rfc3161 timestamp service to record timestamps.

Basically I have a sha of some files and I would like to sign the file.

basically I am using something like this

# Generate Query and send
$OPENSSL ts -query -data "$FL" -sha256 | $CURL -s -H
"Content-Type:application/timestamp-query" --data-binary "@-" $TSA >

$OPENSSL ts -reply -in "${FL}.tsr" -text > "${FL}.ts.txt"

where FL = is file.

What I want to be able to do is verify the .tsr file

testing that with

openssl ts -verify -data SHA.sha -in SHA.sha.tsr

where SHA.sha is the original FL

but I get

Verification: FAILED
routines:PKCS7_get0_signers:signer certificate not

from the text output
 cat *.txt
Status info:
Status: Granted.
Status description: unspecified
Failure info: unspecified

TST info:
Version: 1
Policy OID: 2.16.840.1.113733.
Hash Algorithm: sha256
Message data:
    0000 - 8c 6d 95 5b e0 cd 8b c9-df 8c ab 57 45 c4 69 e6   .m.[.......WE.i.
    0010 - 7a b9 ce cb 14 8f 55 25-91 2e 57 37 3e 5c b8 d5   z.....U%..W7>\..
Serial number: 0xBEAF663E1CD2F0D029C1A641AD2F9137A5F097C9
Time stamp: Apr  8 04:58:08 2016 GMT
Accuracy: 0x1E seconds, unspecified millis, unspecified micros
Ordering: no
Nonce: 0x8E67A9941BCB2570
TSA: DirName:/C=US/O=Symantec Corporation/OU=Symantec Trust
Network/CN=Symantec SHA256 TimeStamping Signer - G1

I am guessing my problem is the above certificate is not in the ssl
path. and currently I am unable to find it on the symantec site.

Am I doing the right think ?
I have also looked at global sign and similar issue, find the cert

what am i missing


More information about the openssl-users mailing list