Thank you,
but this thread is about TS from real Certification Authority and
problem with attribute certificates.
--kapetr
Dne 11.3.2013 21:16, Walter H. napsal(a):
Hello,
try this for generating the TSA-reply
openssl ts -reply -config openssl.cnf -section tsa_timestamp -queryfile
TSA-query -inkey ts.key -signer ts.crt -out TSA-reply
where ts.crt and ts.key are the timestamping certificate and private key
(without passphrase)
and TSA-query is the time stamp query
TSA-reply is your time stamp reply
I'm using this in a CGI skript and created a timestamp server this way ...
I tested this with my certificates with just Adobe Standard and this
worked.
the openssl.cnf contains this:
oid_section = new_oids
[ new_oids ]
tsaPolicy = 1.2.3.4.5
[ tsa ]
default_tsa = tsa_timestamp
[ tsa_timestamp ]
accuracy = secs:1, millisecs:500, microsecs:100
digests = md5, sha1
serial = serialnmbr-timestamp.text
default_policy = tsaPolicy
On 11.03.2013 20:01, kap...@mizera.cz wrote:
Of course YES.
Timestamp reply is nothing else as CMS SignedData structure.
--kapetr
Dne 11.3.2013 19:51, Dr. Stephen Henson napsal(a):
On Mon, Mar 11, 2013, kap...@mizera.cz wrote:
Hello,
Dne 11.3.2013 17:33, Dr. Stephen Henson napsal(a):
As to the OP query. I'm not that familiar with the timestamping
code. OpenSSL
doesn't support attribute certificates and adding support is not
trivial.
The attribute certificates are common possible in CMS, not just in
TS => attr. cert. (in the SigningCertificate->certs) will kill any
CMS verification.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org