Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging

The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.

Check out The OSR Learning Library at:

Timestamp Servers

Tim_RobertsTim_Roberts Member - All Emails Posts: 13,763

Suddenly (well, not suddenly -- I haven't checked in many weeks), I cannot get a response from any timestamp servers. verisign, globalsign, digicert -- none of them seem to work, either from Visual Studio or from a batch file calling signtool.

They all say
SignTool Error: The specified timestamp server either could not be reached or returned an invalid response.

Is it only me?

Tim Roberts, [email protected]
Providenza & Boekelheide, Inc.


  • MBond2MBond2 Member Posts: 233

    i have had valid responses from digicert as recently as a few minutes ago

  • Wilhelm_NökerWilhelm_Nöker Member Posts: 41

    Globalsign notified me that they will be shutting down their SHA-1 timestamping service on January 26, 2021. That does not seem to explain your problem, but it's another related "joy" to look forward to in the very near future.

  • Dejan_MaksimovicDejan_Maksimovic Member - All Emails Posts: 373
    via Email
    My guess is an internet issue.
  • Tim_RobertsTim_Roberts Member - All Emails Posts: 13,763

    I think the issue is that Verisign has shut down their timestamp service, and I fooled myself into thinking the others weren't responding, either. The MSBuild files in the 8.1 WDK have Verisign hardcoded, but I can override it.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

  • Mark_RoddyMark_Roddy Member - All Emails Posts: 4,391
    via Email
    I abandoned the builtin signing a long time ago for this reason. Even when
    it was up, the owners of the verisign server took it down whenever they
    felt like it and builds would fail.
    Mark Roddy
  • Tim_RobertsTim_Roberts Member - All Emails Posts: 13,763

    Interesting. In 15 years of signing, that has never happened to me, until this month.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

  • MBond2MBond2 Member Posts: 233

    Yes the very obsolete DNS names have recently been retired. I had one project that still referenced them and I want to say that it started to fail in mid-December but I'm not sure exactly when.

    I have never used the built-in signing as I always found it unreliable. Of course when VS started to support it, I already had scripts to call signtool on the command line, so after a brief test that did not work, I did not put any more effort into it so my assessment is probably not a fair one

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Writing WDF Drivers 7 Dec 2020 LIVE ONLINE
Internals & Software Drivers 25 Jan 2021 LIVE ONLINE
Developing Minifilters 8 March 2021 LIVE ONLINE