I want reach the timestamp server for sign a file with signtool.exe behind a firewall, this is my current command:
signtool.exe timestamp /t http://timestamp-server foo.exe
has sign tool some feature for set the proxy?
has sign tool some feature for set the proxy?
I think it is impossible to set the proxy with signtool.exe.
See also:
How to timestamp Authenticode signatures when our proxy requires authentication
Related
When using signtool.exe to perform authenticode signing of executables, we want to use timestamping to ensure that the executable will still be valid in the future. It seems that the timestamping server protocol only supports http:// and not https:// out of the box. This seems like a security vulnerability on Microsoft's part.
Does anyone know how to perform signtool.exe timestamping via SSL? In other words, to use a time server https://timestamp.digicert.com instead of http://timestamp.digicert.com
I want to use the timestamp option /t resp. /tr of the Microsoft Visual Studio signtool tool. The timestamp service I have in mind requires authentication. For this purpose you get a personalized soft token to identify yourself at the timestamp server.
My question: Is this authentication supported by signtool? In other words: does signtool support RFC 3161 (Time-Stamp Protocol) and RFC 2246 (Authentication)?
Thank you
Can you help me to disable Validate Server Certificate option in Local Area Network Properties
Authentication Tab .I want to disable validate server certificate check with the help of batch file.
thanks
Umair
What you're asking for requires a hotfix from Microsoft for Win7/Win2008 systems:
http://support.microsoft.com/kb/2493933
Hotfixes can be scripted, usually by following them with a /s or /q for "silent" or "quiet", or both.
Hy!
I want sign a windows .exe binary with signtool from the Microsoft Platform SDK (7.1) and add a timestamp to the signature. I have two problems with that.
The (RFC compliant) timestamp server I want to use only allows encrypted https connections, but the /tr option of signtool returns an error, if the URL is not prefixed by http://
I need to authenticate to the timestamp server prior to using it, either by TLS-Client-Authentication (using the signature certificate) or by classic HTTPS username/password login. But I can't find a way to set any of these with signtool.
Is there a way to accomplish this?
As part of a ClickOnce deployment I'm running mage.exe
mage.exe -Sign "manifest file" -CertFile Cert.pfx -Password yepit5right -TimeStampUri http://timestamp.verisign.com/scripts/timstamp.dll
the certificate comes from Verisign in the first place so using their timestamping service.
This works fine on some machines but not others, and they come back with the very readable error code of -2147012865 which translates to error 12031 - ERROR_INTERNET_CONNECTION_RESET.
I can connect out through IE on that machine to sites such as stackoverflow.com and so the proxy settings which it needs appear to be correct.
Does mage.exe support authenticating proxies? This used to work, over a year ago now, before we had a major outbound proxy change which I think included changing from non-authenticating to using integrated authentication at the proxy layer.
Thanks
Not a great answer but it turns out that mage.exe cannot authenticate through to a proxy when making the request out to the timestamping service.
To get around this restriction I have added the source machine and the target URL to our outbound proxy's "whitelist" of requests that are allowed out without requiring proxy authentication. As you could imaging doing this within a corporate environment where the security team own that list was not a simple task, I much prefer cracking the technical nut.
As soon as this was added mage.exe started behaving as expected, and as it behaves in our test environments which have a non-authenticating proxy.