[openssl-users] Extracting certificate from RFC3161 time stamp response
Anton Wuerfel
openssl at wuerfelmail.de
Mon Mar 7 15:05:51 UTC 2016
Hello,
for an university project I am implementing RFC3161 time stamps into
git.
when creating a TSQ it is possible to force the TSA server to include
its signing certificate in the TSR. However, I was wondering how to
extract this certificate at the client side, as neither 'openssl ts
-reply' nor 'openssl ts -verify' seemed to offer an appropriate
functionality. As the TSA field in TST_INFO is optional according to
RFC3161 and might be unspecified, it is not a reliable way to determine
the issuer of the timestamp signature. I would like to display the
issuers name to the user if verification of the timestamp failed or the
corresponding public key was not found in the user's certificate store.
Is there any built-in way to extract the issuer's certificate from a
TSR?
Regards,
Anton Wuerfel
More information about the openssl-users
mailing list