Signing ClickOnce manifest, valid timestamp servers
-
Hallo guys, when creating an assembly, a ClickOnce manifest is can be created. This requires an X.509 certificate and a timestamp server. After adding a certificate to the certicate store, the assembly is created without error or warning. So, what is the purpose of a time server and where do I get a the url of timestamp server? Thanks, Ralf
-
Hallo guys, when creating an assembly, a ClickOnce manifest is can be created. This requires an X.509 certificate and a timestamp server. After adding a certificate to the certicate store, the assembly is created without error or warning. So, what is the purpose of a time server and where do I get a the url of timestamp server? Thanks, Ralf
Hi Ralf, ClickOnce Manifest Signing suggests http://timestamp.verisign.com/scripts/timstamp.dll which is working. Others are http://www.trustcenter.de/codesigning/timestamp http://timestamp.globalsign.com/scripts/timstamp.dll http://timestamp.comodoca.com/authenticode and succeed using Microsoft signtool.exe, version 4.00. Many more CAs should run servers, a least each root CA. X509 certificates for Authenticode require a higher degree of trust if manisfests get a time stamp at creation time. EricLaw mentions this in Everything you need to know about Authenticode Code Signing A signed, time-stamped package remains valid indefinitely, so long as the timestamp marks the package as having been signed during the validity period of the certificate. It may be state in MSDN somewhere. frm19