cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
harald_rheindo
Flexera beginner

SHA256 Timestampserver - Symantec shut down

Hi,
I use InstallShield 2016. We have a SHA256 certificate and we sign with InstallShield in SHA256. In the Settings.xml are the following entries for the timestampserver URL:
sha256timestamp.ws.symantec.com/sha256/timestamp. This also generates SHA256 for the counter signature.
Symantec will shut down these timestamp servers in late October. Then the entries in the Settings.xml are no longer valid.
As a replacement URL, we got "timestamp.digicert.com" called, this entry in the Settings.xml at the counter signature only generates SHA1.

Question: How can I use InstallShield to specify a SHA256 timestamp server, which then also generates a counter signature with SHA256?

In the Settings.xml can only be specified a URL, the parameters / fd / td, etc., which would be necessary for Signtool.exe I can not specify anywhere.

Thanks for your help or suggestions.

Harald

Labels (1)
0 Kudos
2 Replies
Flexera banna_k
Flexera

Re: SHA256 Timestampserver - Symantec shut down

 

Hi @harald_rheindo ,

 

Can modify your settings.xml with the time stamp server details, add the "DigitalSignature TimestampRFC3161" if it is not there. like below :

<DigitalSignature Timestamp="http://timestamp.verisign.com/scripts/timstamp.dll"/>
<DigitalSignature TimestampRFC3161="http://timestamp.verisign.com/scripts/timstamp.dll"/>

And specify the appropriate certificate signature digest from the certificate information dialog available under the release view.

 

0 Kudos
harald_rheindo
Flexera beginner

Re: SHA256 Timestampserver - Symantec shut down

Hi,

I know these entries in Settings.xml. These URL details in the counter signature only indicate sha1 and not sha256. This does not work with the Verisign URL.
It only works with the Symantec URL, but these URLs will not be valid any more soon.

Thank you for your prompt reply.

Harald

0 Kudos