The most common timestamping problems and the troubleshooting instructions are:
- Make sure you have the correct version of the signing tools. If you have not downloaded a new version from Microsoft recently, you probably don't have the latest version. The new tools are located in the Microsoft Windows Platform SDK. The most current version for the Windows Platform can be downloaded here.
- You may be accessing an incorrect URL.
The RFC 3161 timestamping URL for DigiCert is:
Note: The timestamp URL is case sensitive, please use all lower case.
- The incorrect signing option is used with your timestamping service.
- /t: Specifies that the digital signature will be timestamped by the Time-Stamp Authority (TSA) indicated by the URL
- /tr: Specifies the URL of the RFC 3161 time stamp server. This option cannot be used with the /t option.
- The signtool program does not sign files which reside on a mapped drive (i.e. a network drive). The file to be signed must be on a local drive such as C:. The timestamping server will not respond to any other network probes (such as a ping or a tracert.)
- If the Internet control panel applet is not used to set the proxy, then signtool.exe from Microsoft does not work. Some users may frequently enable and disable the proxy as part of testing - to avoid problems of browser caching. This may have cause problems when trying to access the timestamp server. This proxy setting is used by all programs which use the wininet.dll. It is not available in the registry and may differ from the proxy setting used by other browsers in the system (e.g. Netscape) It is a very hard problem to track down.
- Incidentally, the MS IE browser itself uses the same dll so that changing the proxy in MS IE is equivalent to using the control panel applet. If your code signing tool returns an invalid HTTP address when trying to connect to the VeriSign Timestamp server, it might be due to your firewall.
If you have a problem with timestamping, you can sign your code without the timestamping option by omitting the timestamp option and its argument from the command line. If the signing succeeds, you can add the timestamp option. The result is the same as signing and timestamping in a single command.