Hello, I have tried many TSA services with the same (error) result.
------------------------------ openssl ts -query -data file2.txt >file2.tsq openssl ts -query -data file2.txt -cert >file2-cert.tsq /usr/lib/ssl/misc/tsget -d -h http://timestamp.comodoca.com/rfc3161 -o file2.tsr file2.tsq /usr/lib/ssl/misc/tsget -d -h http://timestamp.comodoca.com/rfc3161 -o file2-cert.tsr file2-cert.tsq but the verifying fails: $ openssl ts -verify -queryfile file2.tsq -in file2.tsr Verification: FAILED 139879738762912:error:2107C080:PKCS7 routines:PKCS7_get0_signers:signer certificate not found:pk7_smime.c:476: $ openssl ts -verify -queryfile file2-cert.tsq -in file2-cert.tsr Verification: FAILED 140342678423200:error:2F06D064:time stamp routines:TS_VERIFY_CERT:certificate verify error:ts_rsp_verify.c:246:Verify error:unable to get local issuer certificate ------------------------- With some other TSA I have tried to to add -CAfile and -untrusted params with single or chained PEM certificates (in many possible combinations) but - without effect. TSAs for example: http://www.iaik.tugraz.at/ http://www.postsignum.cz/testovaci_casova_razitka.html https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=222 (there use the http://timestamp.comodoca.com/rfc3161) BTW: to use HTTP basic auth. it is necessary to modify tsget or use CURL directly: curl -k --basic -u "demoTSA:demoTSA2010" -H "Content-Type: application/timestamp-query" --data-binary @file5.txt.tsq "https://www.postsignum.cz/DEMOTSA/TSS_user/ " >file5.txt.tsr Can somebody help me and give to me example HOW TO get and successfully verify time stamps RFC 3161 (over http) with OpenSSL ? Please :-/ --kapetr ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
