A X

Reputation: 1056

Authenticode sign of executable with timestamping via SSL

When using signtool.exe to perform Authenticode signing of executables, we want to use timestamping to ensure that the executable will still be valid in the future. It seems that the timestamping server protocol only supports http:// and not https:// out of the box. This seems like a security vulnerability on Microsoft's part.

Does anyone know how to perform signtool.exe timestamping via SSL? In other words, how to use the time server https://timestamp.digicert.com instead of http://timestamp.digicert.com?

Upvotes: 0

Views: 608

Answers (1)

Emmanuel Bourg

Reputation: 10998

There are timestamping services available through HTTPS, see for example this Gist listing public servers:

https://gist.github.com/Manouchehri/fd754e402d98430243455713efada710

Some of them are served through HTTPS:

https://rfc3161.ai.moda
https://rfc3161.ai.moda/adobe
https://rfc3161.ai.moda/microsoft
https://rfc3161.ai.moda/apple
https://rfc3161.ai.moda/any
https://freetsa.org
https://ca.signfiles.com/tsa/get.aspx
https://tsp.iaik.tugraz.at/tsp/TspRequest

The others may also work; just try replacing http:// with https://.

https://timestamp.sectigo.com

Upvotes: 1
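
One way to script the suggestion in the answer above (an added example, not part of the original question or answer): sign first, then request an RFC 3161 timestamp from a list of HTTPS servers until one succeeds, and finally check that the signature carries a timestamp. It assumes signtool.exe is on PATH and a code-signing certificate is in the certificate store; app.exe is a placeholder file name.

```powershell
# Added example, not from the original post.
# Assumptions: signtool.exe is on PATH, a code-signing certificate is in the
# user's certificate store (picked by /a), and app.exe is a placeholder name.
$file = 'app.exe'

# HTTPS endpoints from the thread; any of them may refuse HTTPS or be offline.
$tsaUrls = @(
    'https://timestamp.digicert.com',
    'https://timestamp.sectigo.com',
    'https://rfc3161.ai.moda'
)

# Step 1: sign without a timestamp, so a TSA failure never forces a re-sign.
& signtool.exe sign /a /fd SHA256 $file
if ($LASTEXITCODE -ne 0) { throw "Signing failed with exit code $LASTEXITCODE" }

# Step 2: add an RFC 3161 timestamp, stopping at the first TSA that answers.
$stamped = $false
foreach ($url in $tsaUrls) {
    if (([uri]$url).Scheme -ne 'https') {
        Write-Warning "Skipping $url (not HTTPS)"
        continue
    }
    & signtool.exe timestamp /tr $url /td SHA256 $file
    if ($LASTEXITCODE -eq 0) {
        Write-Host "Timestamped via $url"
        $stamped = $true
        break
    }
    Write-Warning "Timestamping via $url failed, trying the next server"
}
if (-not $stamped) { throw 'No HTTPS timestamp server accepted the request' }

# Step 3: confirm the signature is valid and carries a timestamp certificate.
$sig = Get-AuthenticodeSignature -FilePath $file
if ($sig.Status -ne 'Valid' -or -not $sig.TimeStamperCertificate) {
    throw "Verification failed: status=$($sig.Status)"
}
"Signed and timestamped by: $($sig.TimeStamperCertificate.Subject)"
```

The build fails if no server in the list answers, so a file never ships signed but without a timestamp.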
