3

We are planning to implement a time proof digital signature solution in our intranet. Currently we have a Enterprise AD CS up and running. We are planning to use these signatures only inside our organization.

According to This technet article we need XAdES-T digital signature, and for this we need to

Set up a time stamp server that is compliant with RFC 3161

Has anyone idea how to achieve this? We would like to avoid using paid third party solutions.

Thanks,
Sandor

Sandor
  • 131
  • 3

1 Answers1

1

You could use openssl to create the timestamps, but you would have to create the server application around it yourself (more or less basic HTTP handling, not really hard to do).

Or if you are looking for a readymade solution, you could check out SignServer, a sister-product of EJBCA.

mat
  • 548
  • 6
  • 20
  • Thanks for the post. Well, we have an MS infrastructure setup as described above, therefore I don't want to switch to a third party solution like SignServer, if it's not necessary. The same stands for openssl. My question mean to be, is there any standard MS solution or simple solution to use XADES-t with MS CA. – Sandor Mar 18 '14 at 09:48
  • I'm not aware of any MS-based solutions, but I don't use Windows Server on a regular basis, so that need not say much. What I can say, ist that using MS does not prohibit you from using openssl, there are binaries of openssl [available for Windows](https://www.openssl.org/related/binaries.html) – mat Mar 18 '14 at 11:25