TSA server error


mike unknown

May 26, 2015, 5:28:43 PM
to jsig...@googlegroups.com
Hi! Please can you help: what am I doing wrong? After entering pin2 I get this message.
P.S. In similar programs I always enter pin2 (sign certificate), then pin1 (auth certificate), and my doc gets signed with a timestamp.


INFO  Creating TSA client.
INFO  Setting TSA hash algorithm: sha1
INFO  Setting TSA policy OID: 1.3.6.1.4.1.32061.1.1.1
ERROR Problem occured
java.lang.IllegalArgumentException: No digest algorithm specified
at org.bouncycastle.tsp.TimeStampRequestGenerator.generate(Unknown Source)
at com.lowagie.text.pdf.TSAClientBouncyCastle.getTimeStampToken(Unknown Source)
at com.lowagie.text.pdf.TSAClientBouncyCastle.getTimeStampToken(Unknown Source)
at com.lowagie.text.pdf.PdfPKCS7.getEncodedPKCS7(Unknown Source)
at net.sf.jsignpdf.SignerLogic.signFile(SignerLogic.java:387)
at net.sf.jsignpdf.SignerLogic.run(SignerLogic.java:114)
at java.lang.Thread.run(Unknown Source)
INFO  Finished: Creating of signature failed.

2015-05-27 00_21_24-Clipboard.png
2015-05-27 00_22_44-JSignPdf (version 1.6.1).png

Josef Cacek

May 27, 2015, 2:34:38 AM
to JSignPdf forum
The "sha1" value as the "TSA hash algorithm" seems to be a problem in
your case. Use the uppercase - i.e. "SHA1".

Here's the list of supported values:
MD5
MD2
SHA1
SHA224
SHA256
SHA384
SHA512
MD-5
MD-2
SHA-1
SHA-224
SHA-256
SHA-384
SHA-512
RIPEMD128
RIPEMD-128
RIPEMD160
RIPEMD-160
RIPEMD256
RIPEMD-256


Regards,
-- josef

mike unknown

May 27, 2015, 12:16:56 PM
to jsig...@googlegroups.com
Now there is another error... :(

But am I using the correct format of the policy OID?

And the PKCS12 keyfile I exported from Windows Internet Explorer as an authority certificate.

2015-05-27 19_08_01-JSignPdf Output Console.png

Josef Cacek

May 27, 2015, 12:35:43 PM
to JSignPdf forum
It seems either the authentication failed or you're not authorized to
use the TSA service.

Check if you have the correct personal private key in the pfx file. You
can use keytool.exe (a tool in your Java installation) in the console
window:
keytool.exe -list -storetype PKCS12 -keystore C:\Users\mike\Desktop\privatkey.pfx -storepass [PUT_YOUR_PASS_HERE]

It should print something like:

Keystore type: PKCS12
Keystore provider: SunJSSE

Your keystore contains 1 entry

cn=YourX500DistinguishedName, 1.1.2015, PrivateKeyEntry,
Certificate fingerprint (SHA1):
29:CA:A5:91:D0:A2:DD:6D:9D:C3:2B:CF:1B:34:95:9F:00:CC:3F:54

-- jc

mike unknown

May 28, 2015, 12:43:51 PM
to jsig...@googlegroups.com
I get this:
 
Keystore type: PKCS12
Keystore provider: SunJSSE
Your keystore contains 1 entry
identitycrl_cert_container_********-****-****-****-**********, May 28, 2015, PrivateKeyEntry,
Certificate fingerprint (MD5): **:**:**:**:**:**:**....

Trying TSA hash algorithm: MD5
and the result was the same 403 error.

I'm using a Latvian smartcard on Windows 8.1.
Inside "Internet Options" I see 3 certificates: one signature and two authentication certificates. I exported "token signing public key", because the others can be exported only in .cer format.

Here is a "Public Interface Specification": https://goo.gl/I6j1X1


2015-05-28 19_37_51-Certificates.png

mike unknown

May 31, 2015, 10:33:30 AM
to jsig...@googlegroups.com
Sorry, could you help me please. I can't understand what I'm doing wrong in TSA authorization.

Josef Cacek

Jun 1, 2015, 3:58:14 AM
to JSignPdf forum
1) Use the https://.. and not the http://..
The client certificate authentication works only for HTTPS protocol.

2) Start with the simplest scenario - don't enable OCSP and CRL when
a simple TSA request doesn't work for you.

On Sun, May 31, 2015 at 4:33 PM, mike unknown <kras...@gmail.com> wrote:
> Sorry, could you help me please. I can't understand what i'm doing wrong in
> TSA authorization.
>
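
The three checks from this thread (case-sensitive hash algorithm name, https:// when a client certificate is used, OCSP/CRL off while debugging) as an added Python example. It is not part of the original posts or of JSignPdf; the config keys and the tsa.example.test URL are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Values Josef lists in the thread as accepted "TSA hash algorithm" names.
SUPPORTED = (
    "MD5 MD2 SHA1 SHA224 SHA256 SHA384 SHA512 MD-5 MD-2 SHA-1 SHA-224 "
    "SHA-256 SHA-384 SHA-512 RIPEMD128 RIPEMD-128 RIPEMD160 RIPEMD-160 "
    "RIPEMD256 RIPEMD-256"
).split()
# Added remark, not from the thread: these digests are deprecated for signatures.
DEPRECATED = {"MD2", "MD5", "SHA1"}


def preflight(cfg):
    """Return (severity, message) findings for a TSA configuration dict.

    The keys (hash_alg, tsa_url, cert_auth, ocsp, crl) are hypothetical names
    for this example, not JSignPdf option names.
    """
    findings = []
    alg = cfg.get("hash_alg", "")
    if alg not in SUPPORTED:
        # The lookup is case-sensitive, which is what tripped "sha1".
        fix = next((s for s in SUPPORTED if s.lower() == alg.lower()), None)
        hint = f'; use "{fix}"' if fix else ""
        findings.append(("error", f'hash algorithm "{alg}" not recognised{hint}'))
    elif alg.replace("-", "") in DEPRECATED:
        findings.append(("warn", f"{alg} is deprecated for signatures"))

    url = urlsplit(cfg.get("tsa_url", ""))
    if url.scheme.lower() not in ("http", "https") or not url.netloc:
        findings.append(("error", "TSA URL must be an absolute http(s) URL"))
    elif cfg.get("cert_auth") and url.scheme.lower() != "https":
        # Client certificates are presented in the TLS handshake only.
        findings.append(("error", "certificate authentication needs https://"))

    if cfg.get("ocsp") or cfg.get("crl"):
        findings.append(("info", "disable OCSP/CRL until a plain TSA request works"))
    return findings


if __name__ == "__main__":
    # Constructed sample resembling the thread's failing setup (URL is a placeholder).
    sample = {"hash_alg": "sha1", "tsa_url": "http://tsa.example.test/tsa",
              "cert_auth": True, "ocsp": True, "crl": False}
    for severity, message in preflight(sample):
        print(f"{severity:5} {message}")
```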