unrecognized reply from time server

[Guest]

[mediascience]

Trying to timestamp-sign a JAR using url
http://timestamp.comodoca.com/authenticode

jarsigner responds with error:
jarsigner: unable to sign jar: java.io.IOException: MIME Content-Type is not app
lication/timestamp-reply


Is there an alternate time server for jarsigner?

TIA

[mark-support]

Hi,

The timestamping server URL is common for all type of signing, so could you please send a exact command that you have used for signing a jar file to find a cause of the issue?.

Thanks.

[mediascience]

I believe authenticode uses a proprietary protocol that is different from the standard used by jarsigner (Timestamp Protocol, RFC 3161). So, I'm wondering where I might find Comodo's timestamp server for the standard protocol.

As requested, the command that generates the error:

jarsigner -signedjar detector.jar -tsa "http://timestamp.comodoca.com/authenticode" assembly-1.0-SNAPSHOT-jar-with-dependencies.jar msisoftware
Enter Passphrase for keystore:
Enter key password for msisoftware:
jarsigner: unable to sign jar: java.io.IOException: MIME Content-Type is not application/timestamp-reply

Thank you.

[jpblanco]

I am another user that is trying to sign JAR files using jarsigner, and am running into the same problem as is decribed above by other users.  I believe that the post by the user who suggests that the Authenticode protocol is different than the standard protocol is correct.  Please respond and let us know if Comodo has a URL that supports the timestamping protocol used by jarsigner and, if so, where we can access it.  If Comodo does not yet support this, we need to know when you will.

For the record, the error message I'm receiving is:

"jarsigner: unable to sign jar: java.io.IOException: MIME Content-Type is not application/timestamp-reply"

If you (the Comodo support team) need more information on jarsigner and its support for timestamping, please see:

http://java.sun.com/j2se/1.5.0/docs/guide/security/time-of-signing.html

[mark-support]

Hi,

Unfortunately at this time we do not support timestamping JARs.

I do not know if we will offer a timestamping service for anything other than Authenticode. However, I will suggest our developers add this sort of functionality to our arsonal. I can not guarantee it will ever be added.

Thanks.

[ambling]

I am also attempting to sign Java jar files with the code signing certificate I bought from you.  Like the previous posters I get an error back from the time server when using the jarsigner "-tsa http://timestamp.comodoca.com/authenticode" option to time stamp the code signature.

Count me as one more customer that is hoping that support for providing an RFC 3161 compliant time stamp service is still on your list of important enhancements.

[Rob Stradling]

We don't currently provide an RFC3161-compliant Timestamping Server.  However, it is certainly on our list of important features to add.  October 31st 2011 is the best ETA I can offer right now, because...

Microsoft have recently imposed a new requirement on all Code Signing CAs (including Comodo) who are members of the Microsoft Root Certificate Program:
"The CA shall operate a timestamp server authority (TSA) in conjunction with their code signing service, and as a best practice request that Subscribers timestamp the digital signature after signing their code.  Effective no later than October 31, 2011, the TSA must comply with RFC 3161, 'Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP).' "

[Tags:]