DigiCert KnowledgeBase - Technical Support-hero

Knowledge Base

Troubleshooting Timestamping Problems

Solution ID : SO912
Last Modified : 09/19/2024


If you are having difficulty with timestamping your files, please try the following:
 

  1. Ensure that you are using the correct timestamp URL in your signing command:

    • The RFC 3161 timestamping URL for DigiCert is: http://timestamp.digicert.com
    • The timestamp URL is case sensitive. Lower-case characters should be used.

  2. The IP address of the timestamp service is 216.168.244.9 using port 80. If your organization has strict firewall rules, you may need to add the IP address to your firewall allowed list.

    If you attempt to ping or trace timestamp.digicert.com, it should resolve to this IP address. However, this is not a definitive method of testing whether the service is up or not.


  3. To test whether the timestamp service is available, open a command prompt and run the following command: curl -i timestamp.digicert.com/timestamp/health/heartbeat

    If the service is available, you should receive the following response:



    Note: The URL http://timestamp.digicert.com is not accessible via a browser. Attempting to access the timestamp URL via a browser will not confirm the status of the service.


  4. If you are using Microsoft SignTool, ensure that you have the latest version of the Windows Software Development Kit (SDK). The most current version for the Windows Platform can be downloaded here


  5. Ensure that you use the correct timestamp switch in your signing command:

    • SignTool: /tr http://timestamp.digicert.com /td SHA256
    • JarSigner: -tsa http://timestamp.digicert.com
    • Mage: -TimestampUri http://timestamp.digicert.com
    • NuGet: -Timestamper http://timestamp.digicert.com
    • Osslsigncode: -t http://timestamp.digicert.com

  6. If you have a problem with timestamping, you can sign your code without the timestamping option by omitting the timestamp argument from the signing command. If the signing succeeds, you can add a timestamp separately. The result is identical to signing and timestamping in a single command.

    Adding a timestamp without a signature: 

    • SignTool: signtool timestamp /tr http://timestamp.digicert.com /td SHA256 example.exe
    • JarSigner: jarsigner -tsa http://timestamp.digicert.com example.jar

Note: Adding a timestamp is recommended as it ensures that your signed files remain trusted even after your code signing certificate has expired.

 

GET TOP-OF-THE-LINE SUPPORT TAILORED TO YOUR UNIQUE BUSINESS NEEDS.

SEE PLANS

  • DigiCert Logo

    The most-trusted global provider of high-assurance TLS/SSL, PKI, IoT and signing solutions.