ssglogic
Active participant

Invalid Timestamp http address

Jump to solution

Hi

My machine to create setup is always connected to Internet at the time of creating setup through IS.

When the Digital Code signing OV certificate of Symantec expired - I purchased a OV certificate from Sectigo, created pvk and spc files from the pfx file.

 

case1. When I started building in IS - I am getting a "Invalid Timestamp http

error"

Case2. I take out the Internet and network cable - machine is without even a network and no internet - I get the same error. I though the machine is not able to reach the site when Internet is on.

Case3. I reconnected cables and Internet was on - I ping to timestamp.sectigo.com - I get all 4 with 155 ms return time.

Case4. Try building - same "Invalid timestamp http error"

Kindly guide how to come out of this problem.

 

Do you need any further information from me - without which you can not understand the problem ?

 

I have seen this problem so many times posted by many on google - this is not a new problem.

 

Best regards,

 

Sabyasachi Gupta

SSG Software Systems Private Limited

Bangalore, India

Labels (1)
0 Kudos
1 Solution
ssglogic
Active participant

 My one month long (3 weeks) problem is - Solved now.

 

For the benefit of all - here is how I solved it -

01. In the settings  - I had to keep timestamp dot digicert.com as timestamp dot sectigo.com is not working

02. While inspecting the msi file for which IS showed signing succeeded and then immediately gave an error (please see the previous message - I have shown) - I found that there is one "AAA Certificate Services"  whose certificate is not in "Trusted Root Certification Authorities" Store. Please see the attached file for the screen shot.

I installed that certificate of AAA Certificate Services in the "trusted Root Certification Authority" store. and that solved the issue - now both .msi as well as the release exe files are also signed successfully.

 

Hope this helps others.

 

 

View solution in original post

8 Replies
banna_k
Flexera
Flexera

Hi @ssglogic,

 

Can you configure the timestamp server in settings.xml as mentioned in the below KB article, as well install the patch.

 

0 Kudos
ssglogic
Active participant

Hi @banna_k 

Thank you for your reply.

 

I did the change in the setting.xml file using a notepad. I changed the digital signature to http://timestamp.sectigo.com

Now the error msg changed - I am getting an error -

"Timestamping Failed"

On restarting the system - no help.

 

I can not use the patch you suggested because I am still using my working IS2009 application.

Please advise.

Regards

 

Sabyasachi Gupta

0 Kudos
ssglogic
Active participant

Now, after attending to the suggestions of @@Banna_k to modify the setting.xml, I am getting a different error - "Timestamping Failed".

This is with

http://timestamp.sectigo.com/?td=256

or with

http://timestamp.comodoca.com/?td=sha256

Both the above http addresses are giving the same error.

Does anyone have experience with any of the above timestamping http addresses ?

0 Kudos
shunt
Revenera Moderator Revenera Moderator
Revenera Moderator

On the sectigo website it says that using http://timestamp.sectigo.com their timestamp server will automatically select the appropriate signature algorithm.

https://sectigo.com/resource-library/time-stamping-server 

 

If I try and ping http://timestamp.sectigo.com?td=sha256 I don't get any return.

Perhaps just try http://timestamp.sectigo.com

 

 

0 Kudos
ssglogic
Active participant

I hope my response here will help many others.

I am also in touch with Comodo as well as Sectigo Technical support and tried whatever they have suggested.

I understood very well that Sectigo (as well as Comodo) has a real problem with Timestamping server as on today.

As understood from various posting in this subject - I Understood that

- Timestamping  and Signing are two different and separate activities and we do not pay for timestamping.

 

So, I tried the digicert timestamp server for time stamping and it WORKED.

Installshield started signing files with Sectigo codesigning certificate.

 

BUT, at the end it stopped signing MSI and EXE files. It was looking for a certificate inside the MSI file - why I did not understand.

 

Kindly advise how to handle this problem ?

 

Regards

Sabyasachi Gupta

0 Kudos
ssglogic
Active participant

Sorry, I was out of station for a week.

So, to be back to the problem and re-state the unsolved one -

Though all dll and exe files as well as ocx files are getting signed with the sctigo OV code signing certificate ALONGWITH  with timestamp.digicert.com as timestamping server, the msi and release exe signing are not happening - In these two cases, Installshield is assuming that the Certificate URL is the one mentioned as Timestamp server. So, installshield is giving an error for thse two signing that certificate may not be right one. Any advice please ?

0 Kudos
ssglogic
Active participant

Can anyone please clarify what is the significance of the following - (after saying signing successful - IS gives an error) -

Started signing certificate.msi ...

Succeeded

Upgrading and Patching Validation disabled...skipping

Started signing GSTGSS.msi ...

Succeeded

ISDEV : error -6258: An error occurred extracting digital signature information from file "I:\GSS3\GSS3-ISM\GSS\GSS3\DiskImages\DISK1\GSTGSS.msi". Make sure the digital signature information provided in the IDE is correct.

For your Thinking - I am using code certificate of Sectigo but timestamping server of digicert.

0 Kudos
ssglogic
Active participant

 My one month long (3 weeks) problem is - Solved now.

 

For the benefit of all - here is how I solved it -

01. In the settings  - I had to keep timestamp dot digicert.com as timestamp dot sectigo.com is not working

02. While inspecting the msi file for which IS showed signing succeeded and then immediately gave an error (please see the previous message - I have shown) - I found that there is one "AAA Certificate Services"  whose certificate is not in "Trusted Root Certification Authorities" Store. Please see the attached file for the screen shot.

I installed that certificate of AAA Certificate Services in the "trusted Root Certification Authority" store. and that solved the issue - now both .msi as well as the release exe files are also signed successfully.

 

Hope this helps others.

 

 

View solution in original post