Re: [SignServer-develop] Timestamp configuration

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi,

Thanks for your answer.

I try to follow instructions to setup 3.7.0 timestamp signer for demo (it
is not the same instructions for the current version) but I have several
errors on the timestamp signer :

Here is an extract of : >bin/signserver getstatus brief all

Status of CryptoWorker with id 7 (CryptoTokenP12) is:
   Worker status : Active
   Token status  : Active

   Worker properties:
      KEYSTORETYPE=PKCS12

      CLASSPATH=org.signserver.common.ProcessableConfig

      DEFAULTKEY=Signer 2

      KEYSTOREPATH=/opt/signserver/res/test/dss10/dss10_signer2.p12

      SIGNERCERT=

      NAME=CryptoTokenP12

SIGNERCERTCHAIN=MIIEhzCCAm+gAwIBAgIITQ7wWwEnF4EwDQYJKoZIhvcNAQELBQAwTTEXMBUGA1UEAwwORFNTIFJvb3QgQ0EgMTAxEDAOBgNVBAsMB1Rlc3RpbmcxEzARBgNVBAoMClNpZ25TZXJ2ZXIxCzAJBgNVBAYTAlNFMB4XDTE0MTAxMDA4NDQyOVoXDTM0MTAxMDA4NDQyOVowQDEUMBIGA1UEAwwLVFMgU2lnbmVyIDIxGzAZBgNVBAoMElNpZ25TZXJ2ZXIgVGVzdGluZzELMAkGA1UEBhMCU0UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiQkk9WQ+ufdrnms7oDcGdt7Sd8lH0gNIjwCYWFgQEugp+Jq/HSgx1t0N74OTC/vzEGSBuP//aWEwJWayz3RHNj53R3SuDZI/zL8OzLHCuKoJ+4zuWeWC9IcJjChfz64MzvMjnfKQpWGoje23IU9rxGyN8U4hap/f376wlSF5biP3H2u61/qqC2PE5g9DAPKBP1whWkztl6GGpViVxBlGymsyDnmzZI39rvySsBbnWayggOB337Nuwi/O4aoKyk7cA3xvaby2UdOUD8Tj7c5mRKqCnHwVIoh9spRrzrqlHOm29xsv/CkXFiTLGpwHqjsIWdZuveBQ+nPwqO5jvKkybAgMBAAGjeDB2MB0GA1UdDgQWBBRKRH8HvWJ0mZHx15nOIECpLNbOEzAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFCB6Id7orbsCqPtxWKQJYrnYWAWiMA4GA1UdDwEB/wQEAwIHgDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDANBgkqhkiG9w0BAQsFAAOCAgEAcVo//K7a0PDKQypvdYLMR5byNr+lvQlvf2ebnnbL7epgZor+5iKPy8NbEfdlu1PzQaJKcM9XVc68cWyuS1JStJHQuCeFDt8JBe2Wy+z6sC905nxkh495YYHFzjV8OpA5K7f8fcEnres+7BJM9opnLlWZwCcZx1UjWy1ETOuT//0311Uhn/MXd3V3cfx3oCRrZ+EgS/XFg1FFqnk1Ntxa4AIpyr8dWR8boTG9uN/kd5D8gLJUINwCI+AMfzsnotMqYwpUGtnaayssTpVQqQ8w2vUvJ8mlqbbOZS+d1HJ+xAWhXjVwxk9t++LUTXW6lKp8YuYNN2w+j/Ga4o76QO1tsRAhtgVYiiTOf9nHO9fJvLj+N/qxVr2OWq+/C9n87moyZHuD0aDW6FoqkG/Adh0g1GNolop6M1C+iu/SRrdFF7aoBr083lQxI32OLsFrICWqZX1+cWk5yZn6ARuiDLX4GSaz63VmoqEW4TPN51HIGX0p4VVOagfqNQrEg86pTlZFpBfQ9LlmpYV/B2x5Snbpe/raW67hQ1NvrrDV/ilxxKXdFLXXBARqn6/t73F0SkyFtCHhSieOm1TMli3IdHgV7up88TE5PnJ6VT6n+mcaQxz4bUmpFKCoFFlIaHpQSW2iQQsOXgKt/GOJEajR/MGhZNJeTpWK4Bs4uffGDwu+Tck\=

   Authorized clients (serial number, issuer DN):

Status of Signer with id 8 (TimeStampSigner) is:
   Worker status : *Offline*
   Token status  : Active
   Signings      : 0

   *Errors: *
*      - No signer certificate available*
*      - No key available for purpose: null*
*      - Unsupported certificate type*

   Worker properties:
      CRYPTOTOKEN=CryptoTokenP12

      CLASSPATH=org.signserver.common.ProcessableConfig

      AUTHTYPE=NOAUTH

      SIGNERCERT=

      NAME=TimeStampSigner

      WORKERLOGGER=org.signserver.module.tsa.DefaultTimeStampLogger

      SIGNERCERTCHAIN=

      DEFAULTTSAPOLICYOID=1.2.3

   Authorized clients (serial number, issuer DN):

   Signer certificate:
*      Error: No Signer Certificate have been uploaded to this signer.*

Do you have any ideas ?

Thanks for your help !

Arnaud

2017-03-16 3:06 GMT+01:00 Jaime Hablutzel Egoavil <hab...@gm...>:

>
> On Wed, Mar 15, 2017 at 4:24 PM, Arnaud Defos <arn...@gm...>
> wrote:
>
>> Hi everyone,
>>
>> I would like to use TimeStamp server but I have troubles with the
>> configuration.
>>
>> I have for the moment two workers :
>>  - one for JKS configuration (it is active and online)
>>  - one for StampSigner which is active and offline
>> =>    Worker status : Offline
>>    Token status  : Active
>>    Signings      : 0
>>
>>    Errors:
>>       - Missing extended key usage timeStamping
>>       - The extended key usage extension must be present and marked as
>> critical
>>
>
> There are some requirements on the digital certificate to be used for
> timestamping, see https://www.ietf.org/rfc/rfc3161.txt, "2.3.
> Identification of the TSA".
>
> You could easily generate a certificate for that purpose and with the
> required extension by using XCA or you could just use the demonstration
> certificate for starting as indicated in the link below.
>
>
>>
>> I use signserver 3.7.0.
>>
>> I don't understand how could I configure signing certificate and
>> certificate chain. Which properties do I have to set ? In which worker ? Is
>> the default key configuration important ?
>>
>
> First try to get the timestamping service working by following
> instructions here https://www.signserver.org/doc/current/manual/
> installguide.html#Quick_start_demo_Timestamp_signer.
>
>
>>
>>
>
>> Do you have any ideas ?
>>
>> Thanks a lot,
>>
>> Best regards,
>>
>> Arnaud
>>
>> ------------------------------------------------------------
>> ------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> _______________________________________________
>> SignServer-develop mailing list
>> Sig...@li...
>> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>>
>>
>
>
> --
> Jaime Hablutzel -  RPC 994690880
>