I'm trying to receive the response of a signer of time and am getting the erro:
root@digic:/opt/CaIC/tsa/tsa-0.2# openssl ts -verify -queryfile teste.txt.tsq -in teste.txt.tsr -CAfile /opt/CaIC/tsa/tsa.crt Verification: FAILED 3074406076:error:2107C080:PKCS7 routines:PKCS7_get0_signers:signer certificate not found:pk7_smime.c:476: I'm trying to create a http TSA, but all references I have are for opentsa that is down. Follow the conf for my TSA: #################################################################### [ tsa ] default_tsa = tsa_config1 # the default TSA section [ tsa_config1 ] # These are used by the TSA reply generation only. dir = /opt/CaIC/tsa # TSA root directory serial = $dir/tsaserial # The current serial number (mandatory) crypto_device = builtin # OpenSSL engine to use for signing signer_cert = $dir/tsa.crt # The TSA signing certificate # (optional) certs = /opt/CaIC/cacert.pem # Certificate chain to include in reply # (optional) signer_key = $dir/tsa.key # The TSA private key (optional) default_policy = tsa_policy1 # Policy if request did not specify it # (optional) other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) digests = md5, sha1 # Acceptable message digests (mandatory) accuracy = secs:1, millisecs:500, microsecs:100 # (optional) clock_precision_digits = 0 # number of digits after dot. (optional) ordering = yes # Is ordering defined for timestamps? # (optional, default: no) tsa_name = yes # Must the TSA name be included in the reply? # (optional, default: no) ess_cert_id_chain = yes # Must the ESS cert id chain be included? # (optional, default: no) Thanks -- View this message in context: http://openssl.6102.n7.nabble.com/Error-PKCS7-get0-signers-signer-certificate-not-found-tp53311.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org