Attribute "signingCertificateV2" in SignServer timestamp

[Enrico Lacaria]

Hi

We're using release 3.4.0 of SignServer.

We need to get in timestamp the attribute "signingCertificateV2" (OID=1.2.840.113549.1.9.16.2.47),
as defined in RFC 5035 and 5816.

Until now, we obtain timestamp with attribute "signingCertificate" (not V2).

What should we do to achieve that result ?

Is that depending on the TSA's certificate or it's just
a matter of release of the software ?

Thank you very much.

[Markus Kilås]

Hi Enrico,

Currently SignServer only uses the signingCertificate attribute (not V2).

To support the uses of signingCertificateV2 requires changes to org.signserver.module.tsa.bc.TimeStampTokenGenerator.java as well as some new worker properties for selecting which hash algorithm to use. This should be a quite straight forward change taking about a day including QA for us to implement.

We are willing to accept patches if you want to make this change yourself. Otherwise you can contact sales@primekey.se if you would like us to develop this for you.

Best regards,
Markus

PrimeKey Solutions offers a commercial EJBCA & SignServer support subscription and training. Please see www.primekey.se or contact info@primekey.se for more information.
[url]http://www.primekey.se/Services/Support/[/url]
[url]http://www.primekey.se/Services/Training/[/url]