[openssl-users] Extracting certificate from RFC3161 time stamp response

Anton Wuerfel openssl at wuerfelmail.de
Mon Mar 7 15:05:51 UTC 2016


for an university project I am implementing RFC3161 time stamps into 
when creating a TSQ it is possible to force the TSA server to include 
its signing certificate in the TSR. However, I was wondering how to 
extract this certificate at the client side, as neither 'openssl ts 
-reply' nor 'openssl ts -verify' seemed to offer an appropriate 
functionality. As the TSA field in TST_INFO is optional according to 
RFC3161 and might be unspecified, it is not a reliable way to determine 
the issuer of the timestamp signature. I would like to display the 
issuers name to the user if verification of the timestamp failed or the 
corresponding public key was not found in the user's certificate store.

Is there any built-in way to extract the issuer's certificate from a 

Anton Wuerfel

More information about the openssl-users mailing list