When i tried to build today i got an invalid response from out timeserver. This seems to be caused by the windows-latest buildagent being upgraded to 2022. And the following can be read from the ssl.com timestamp server requirements for signtool.
Note: Be sure to use SignTool’s /tr option (specify URL of RFC 3161 time stamp server), not /t (URL of time stamp server), which is incompatible with SSL.com’s timestamp server.
Note: The /td option must follow the /tr option. If the time stamp digest algorithm is specified before the time stamp server, the default SHA-1 algorithm will be used. Windows 10 SDK, HLK, WDK, and ADK builds 20236 and above require use of /tr when timestamping. SHA256 is recommended over SHA1 for security.
And if i look in my buildlog the command that is run is the following:
D:\a_tasks\codesigning\2.2.0\signtool.exe sign /fd SHA256 /t http://ts.ssl.com/ /f D:\a_temp\codesigning.pfx /p *** D:\a\1\s\output\server\private\File.dll
I tried using the windows-2019 image instead but it still fails so it seems they updated signtool there aswell. So ill sign manually for now.
Is there a way to change this? Else it needs to be updated. Thanks
When i tried to build today i got an invalid response from out timeserver. This seems to be caused by the windows-latest buildagent being upgraded to 2022. And the following can be read from the ssl.com timestamp server requirements for signtool.
Note: Be sure to use SignTool’s /tr option (specify URL of RFC 3161 time stamp server), not /t (URL of time stamp server), which is incompatible with SSL.com’s timestamp server.
Note: The /td option must follow the /tr option. If the time stamp digest algorithm is specified before the time stamp server, the default SHA-1 algorithm will be used. Windows 10 SDK, HLK, WDK, and ADK builds 20236 and above require use of /tr when timestamping. SHA256 is recommended over SHA1 for security.
And if i look in my buildlog the command that is run is the following:
D:\a_tasks\codesigning\2.2.0\signtool.exe sign /fd SHA256 /t http://ts.ssl.com/ /f D:\a_temp\codesigning.pfx /p *** D:\a\1\s\output\server\private\File.dll
I tried using the windows-2019 image instead but it still fails so it seems they updated signtool there aswell. So ill sign manually for now.
Is there a way to change this? Else it needs to be updated. Thanks