2017-04-24 50 views
7

We sign our executables on our build server. Suddenly the build server fails to build and gives an error. Is http://timestamp.geotrust.com/tsa no longer valid for SignTool?

SignTool Error: The specified timestamp server either could not be reached or returned an invalid response.

After changing the timestamp server to http://sha256timestamp.ws.symantec.com/sha256/timestamp, signing works again.

  1. Was there a problem with our old URL? Why is it no longer available?
  2. Could there be any (security) problems with the files signed with the old URL, or with the new URL?

I know this is a bit broad; I just don't want to miss anything...

Answer

18

I asked Symantec about this, and they sent me this link: https://knowledge.symantec.com/support/partner/index?page=content&id=NEWS10071&viewlocale=en_US

By April 18, 2017, Symantec will decommission the "Legacy" timestamping service.

(Legacy) RFC 3161 SHA128 Timestamp Service: https://timestamp.geotrust.com/tsa

To support business continuity for our customers, we have provided the following replacement services.

(New) RFC 3161 Service SHA256: http://sha256timestamp.ws.symantec.com/sha256/timestamp

Important: Customers must leverage SHA256 Timestamping service going forward, and should not use a SHA1 service unless there is a legacy platform constraint which doesn't allow use of SHA2 service (in this case you can use this new URL: RFC 3161 Service SHA128: http://sha1timestamp.ws.symantec.com/sha1/timestamp).

Background and Key Industry Mandates affecting the Timestamping services

To comply with Minimum Requirements for Code Signing (CSMRs) published by CA Security Council and Microsoft Trusted Root Program Requirements (section 3.14), Symantec has set up the "new" RFC 3161 (SHA1 and SHA2) service as per specifications and requirements laid out by section 16.1 which requires FIPS 140-2 Level 3 key protection. In the near future, Oracle will be taking steps to remove SHA1 support for both Java signing and timestamping. This will not impact Java applications that were previously signed or timestamped with SHA1 as these will continue to function properly. However, Java applications signed or timestamped with SHA1 after Oracle's announced date may not be trusted.

+2

Hi. Welcome to SO. It is better to put some description into the answer, because links can go stale or expire. Improve your answer by including the key points from the link (and keep the link as well). – miltonb

1

I started experiencing the same TSA problem on 2017-04-21. Switching from https://timestamp.geotrust.com/tsa to http://sha256timestamp.ws.symantec.com/sha256/timestamp fixed our problem, so thanks for the pointer. The specific error I received with the old URL was that jarsigner returned "java.net.SocketException: Software caused connection abort: recv failed."

Verisign knowledge base article AR185, updated 2017-03-16, recommends the jarsigner parameter "-tsa http://sha256timestamp.ws.symantec.com/sha256/timestamp" where it used to recommend https://timestamp.geotrust.com/tsa. This documentation change suggests to me that disabling the URL may have been intentional, but I don't know whether this has any impact on the trust level of JARs signed with the old timestamp server.
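The SignTool message in the question bundles two different failures: the TSA could not be reached at all (a transport failure, which is what the jarsigner SocketException in the comment above looks like), or it answered with something that is not a valid RFC 3161 TimeStampResp (an HTML error page from a decommissioned endpoint, or a response whose PKIStatus is a rejection). The script below is an added example, not code from the question, the answer or Symantec: it builds a TimeStampReq by hand, decodes the PKIStatus and PKIFailureInfo bits of a TimeStampResp, and maps a live probe onto those two branches. The two sample responses at the bottom are constructed for the example, not captured from any real TSA, and probe_tsa() is the only function that touches the network; the URL passed to it is whatever server you want to check. When moving to the SHA-256 service, also check the client flags: SignTool takes an RFC 3161 server via /tr together with /td sha256 (the /t switch is the older Authenticode timestamp protocol), and jarsigner takes it via -tsa with -tsadigestalg SHA-256.

```python
"""RFC 3161 TSA probe: hand-built TimeStampReq, TimeStampResp status decoder (stdlib only)."""
import hashlib
import os
import urllib.error
import urllib.request

OID_SHA1 = "1.3.14.3.2.26"             # id-sha1
OID_SHA256 = "2.16.840.1.101.3.4.2.1"  # id-sha256
# PKIStatus (RFC 3161 section 2.4.2); only 0 and 1 are accompanied by a timeStampToken.
PKI_STATUS = {0: "granted", 1: "grantedWithMods", 2: "rejection", 3: "waiting",
              4: "revocationWarning", 5: "revocationNotification"}
# PKIFailureInfo bit positions from the same section.
PKI_FAILURE = {0: "badAlg", 2: "badRequest", 5: "badDataFormat", 14: "timeNotAvailable",
               15: "unacceptedPolicy", 16: "unacceptedExtension",
               17: "addInfoNotAvailable", 25: "systemFailure"}

def _der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body

def _der_int(value):
    # Non-negative INTEGER; the rounding adds a leading 0x00 when the top bit is set.
    return _tlv(0x02, value.to_bytes(max(1, (value.bit_length() + 8) // 8), "big"))

def _der_oid(dotted):
    parts = [int(p) for p in dotted.split(".")]
    out = bytearray([parts[0] * 40 + parts[1]])
    for p in parts[2:]:
        chunk = [p & 0x7F]
        while p >> 7:                       # base-128, continuation bit on all but the last
            p >>= 7
            chunk.append(0x80 | (p & 0x7F))
        out.extend(reversed(chunk))
    return _tlv(0x06, bytes(out))

def build_timestamp_request(data, hash_name="sha256", nonce=None):
    """DER TimeStampReq (RFC 3161 section 2.4.1) over the digest of `data`."""
    oid = {"sha256": OID_SHA256, "sha1": OID_SHA1}[hash_name]
    alg_id = _tlv(0x30, _der_oid(oid) + b"\x05\x00")  # AlgorithmIdentifier, NULL params
    imprint = _tlv(0x30, alg_id + _tlv(0x04, hashlib.new(hash_name, data).digest()))
    if nonce is None:
        nonce = int.from_bytes(os.urandom(8), "big")  # the TSA echoes it inside the token
    # version 1, messageImprint, nonce, certReq TRUE (ask the TSA to include its cert)
    return _tlv(0x30, _der_int(1) + imprint + _der_int(nonce) + _tlv(0x01, b"\xff"))

def _read_tlv(buf, pos, want=None):
    """Return (tag, value_start, value_end) of the DER element at pos, checking its tag."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER at offset %d" % pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                 # long form
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("DER length runs past the end of the data")
    if want is not None and tag != want:
        raise ValueError("expected tag 0x%02x, got 0x%02x" % (want, tag))
    return tag, pos, pos + length

def parse_timestamp_response(resp):
    """Decode a TimeStampResp into (status_name, failure_names, has_token)."""
    _, start, end = _read_tlv(resp, 0, 0x30)
    if end != len(resp):
        raise ValueError("trailing data after the TimeStampResp")
    _, s, e = _read_tlv(resp, start, 0x30)            # PKIStatusInfo
    _, vs, ve = _read_tlv(resp, s, 0x02)              # PKIStatus INTEGER
    status, failures, p = int.from_bytes(resp[vs:ve], "big"), [], ve
    while p < e:                                      # optional statusString / failInfo
        tag, vs, ve = _read_tlv(resp, p)
        if tag == 0x03:                               # BIT STRING, byte 0 = unused-bit count
            bits = resp[vs + 1:ve]
            failures = [PKI_FAILURE.get(i, "bit%d" % i) for i in range(len(bits) * 8)
                        if bits[i // 8] & (0x80 >> (i % 8))]
        p = ve
    return PKI_STATUS.get(status, "unknown(%d)" % status), failures, e < end

def probe_tsa(url, data=b"probe", hash_name="sha256", timeout=10):
    """POST one request to `url` and map the outcome onto SignTool's two failure modes."""
    req = urllib.request.Request(url, data=build_timestamp_request(data, hash_name),
                                 headers={"Content-Type": "application/timestamp-query"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as r:
            body = r.read()
    except (urllib.error.URLError, OSError) as exc:
        return {"outcome": "could not be reached", "detail": str(exc)}
    try:
        status, failures, has_token = parse_timestamp_response(body)
    except ValueError as exc:
        return {"outcome": "invalid response", "detail": str(exc)}
    return {"outcome": "ok" if has_token else "invalid response",
            "status": status, "failures": failures}

# Constructed samples (not captured from any real TSA). The "token" in the granted one is a
# bare id-signedData OID standing in for a real CMS SignedData structure.
SAMPLE_GRANTED = _tlv(0x30, _tlv(0x30, _der_int(0))
                      + _tlv(0x30, _der_oid("1.2.840.113549.1.7.2")))
SAMPLE_REJECTED = _tlv(0x30, _tlv(0x30, _der_int(2) + _tlv(0x03, b"\x07\x80")))  # badAlg
```

A transport error from probe_tsa() is the "could not be reached" half of the SignTool message; a body that is not a DER TimeStampResp, or one whose PKIStatus is not granted/grantedWithMods, is the "invalid response" half. Run the probe with the SHA-1 and SHA-256 message imprints separately: a SHA-256-only service answering a SHA-1 imprint with rejection/badAlg is a distinct failure from an endpoint that is simply gone.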