My signserver works now fine in my lab. For example the User2 can sign PDF documents using the Worker2. this Worker2 use a P12 certificate generated for User2.
the destination User can also check the status of the signer certificate if it is revoked or valid ( using the OCSP responder)
It works fine but I want to implement my OWN TimeStamp Authority and I want also the the TSA don't use my server time clock but an Internet Time Source.
I have consulted the signserver doumentation. but I need, if it's possible an example how to implement it.
thanks
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
You can add a timestamp signer in similar way as for the PDF signer but with other properties of course. Some sample configuration are available in sample-config/qs_timestamp_configuration.properties and you can see all the available properties in the manual: http://www.signserver.org/manual/complete.en.html#Time-stamp%20Signer
As you can see it is possible to use different time sources. The default one and only implemented is org.signserver.server.LocalComputerTimeSource which takes the time from the local computer. It is possible to implement other TimeSources by implementing the ITimeSource java interface. However, you could consider having the time of the server synchronized for instance using NTP.
The status reading local computer time source returns "time source not available" until the status property TIMESOURCE0_INSYNC is set to true.
The status properties can be set for instance using the "bin/signserver setstatusproperty" command.
Hi Markus
My signserver works now fine in my lab. For example the User2 can sign PDF documents using the Worker2. this Worker2 use a P12 certificate generated for User2.
the destination User can also check the status of the signer certificate if it is revoked or valid ( using the OCSP responder)
Now my question is about the TS Authority.
I have added this property TSA_URL also to the worker2 config the value entered for this property is http://timestamp.globalsign.com/scripts/timestamp.dll
It works fine but I want to implement my OWN TimeStamp Authority and I want also the the TSA don't use my server time clock but an Internet Time Source.
I have consulted the signserver doumentation. but I need, if it's possible an example how to implement it.
thanks
Hi,
Good to hear.
You can add a timestamp signer in similar way as for the PDF signer but with other properties of course. Some sample configuration are available in sample-config/qs_timestamp_configuration.properties and you can see all the available properties in the manual:
http://www.signserver.org/manual/complete.en.html#Time-stamp%20Signer
As you can see it is possible to use different time sources. The default one and only implemented is org.signserver.server.LocalComputerTimeSource which takes the time from the local computer. It is possible to implement other TimeSources by implementing the ITimeSource java interface. However, you could consider having the time of the server synchronized for instance using NTP.
After you have setup the timestamp signer it can be access using a URL similar to:
http://localhost:8080/signserver/tsa?workerName=TSA
Best regards,
Markus
Hi Markus,
How I can use this other time source implemented ?? :
TIMESOURCE = org.signserver.server.StatusReadingLocalComputerTimeSource
It return me this error:
Status of Signer with Id 1 is :
Worker status : Offline
Token status : Active
Signings: 162
Errors:
Time source not available
Regards,
Valentin.
Hi Valentin,
The status reading local computer time source returns "time source not available" until the status property TIMESOURCE0_INSYNC is set to true.
The status properties can be set for instance using the "bin/signserver setstatusproperty" command.
Some more information about the status repository can be seen here:
http://www.signserver.org/manual/complete.en.html#Status%20Repository
Regards,
Markus
PrimeKey
sorry for this question but what is the real function of a "TimeStamp Authority" i not idea…
If you don't know what a timestamp authority is you probably don't need one…
You should read rfc 3161 (search for it) to find out what a TSA is.
Cheers,
Tomas
thanks for the reply tomas….i understand…is like a time sign for test ….sorry if im wrong…
A Time Stamp Authority is not a test thing as all. It's a real thing…