威瑞信时间戳服务器是否关闭?
过去两天(2021 年 1 月 1 日和 2 日),我尝试使用 Inno Setup 构建我的设置脚本,但数字签名失败。所以我通过电子邮件联系了威瑞信,等待他们的回复。
回答
我今天下午(2021 年 1 月 2 日)收到了威瑞信的官方回复:
感谢您联系威瑞信支持。
在我们的身份验证服务出售给赛门铁克(现为 Digicert)后,此服务器已被弃用。您可以在网上找到免费时间戳服务器的列表,或者它们的列表现在位于
http://timestamp.digicert.com。如果您有其他问题,请随时与我们联系。
所以 http://timestamp.verisign.com时间戳服务器不复存在了。
目前我知道以下替代方案(除了上面的 Digicert 之外)效果很好:
http://timestamp.comodoca.com/authenticodehttp://timestamp.globalsign.com/scripts/timestamp.dllhttp://tsa.starfieldtech.com
- Another note about http://tsa.starfieldtech.com: this one does not seem reliable, I think it bans IP that do "too much" signing.
- @AlannaRose No, I emailed their support and I copy / pasted their response to me.
- Note about http://timestamp.comodoca.com/authenticode : I stopped using that one in June 2020 because it started generating broken timestamps, I believe due to an expired root certificate.
- I wasn't able to find any public posts about this. Did they point you to any deprecation announcements? It seems like this was completely announced.
回答
使用 Microsoft 的SignTool.exe 时
更改时间戳服务器 ( -f):
- 之前:(
signcode -t "http://timestamp.verisign.com/scripts/timstamp.dll"已解散) - 之后:
signcode -t "http://timestamp.digicert.com"
- @AndrewTruckle Exactly. And in order to help along the process, and since stackoverflow is also a wiki, i'm providing the information to others to help them along. No reason they have to suffer through remembering all these details that they laid down in a `.cmd` file 17 years ago and haven't thought about since.
- @IanBoyd This was a life saver. The 'someone' left the company and left no instructions. The server that had the data crashed and there were no backups. Two groups thought the other group was responsible for backups. So I was left with black hole.