Setting up signserver for timestamping

[CPspencer]

I'm currently working through a small PoC of running the signserver docker image to test timestamping. I worked through the ejbca setup steps to create certs + followed along with this tutorial on container signing as a reference for setting up crypto workers + a worker in signserver. I did make the modifications needed to create a cert for a TimeStamping worker (e.g. selecting Extended key usage with Critical and only selecting Time Stamping).

Now that it's all setup, I'm unsure of how to timestamp a document correctly now and am concerned there's an additional step I'm missing. When I attempt to provide a file to the timestamper, the return data contains:

0-0+0"
The request could not be parsed.

I've attempted timestamping both with curl and through the UI with the same results. Any idea what could be occurring? I'm happy to provide any config files as well - just let me know what would help.

[netmackan]

You need to pass the TimeStampSigner a time-stamp request in RFC#3161 format.

In an application support time-stamping you usually just need to configure it to use the URL of your time-stamp signer. For instance if your worker is called MyTimeStampSigner the URL would be something like:
https://signserver.example.com/worker/MyTimeStampSigner

Time-stamping with SignClient

To test that the service is working you can also use the time-stamp client available in SignClient:

/opt/signserver/bin/signclient timestamp -url https://signserver.example.com/worker/MyTimeStampSigner

This will send one time-stamp request every second until you press Ctrl+C.

Time-stamping with OpenSSL and cURL

echo "Something to time-stamp" > myfile.txt
openssl ts -query -data myfile.txt -cert -sha256 -out request.tsq
curl -H "Content-Type: application/timestamp-query" --data-binary @request.tsq https://signserver.example.com/signserver/worker/TimeStampSigner -o response.tsr
--

[CPspencer]

Thank you!

[CPspencer]

@netmackan Silly question on this - how would I go about verifying this timestamp? I'm attempting to use openssl ts -verify and passing in the data file, response file, but am a bit unclear what certs to use. I am receiving the following error for most of my attempts: time stamp routines:CRYPTO_internal:ess signing certificate error

[CPspencer]

Please ignore - this is an issue with the base openssl installed on macs. I was able to verify utilizing linux.