Known Participant

Answered

Cannot contact the chosen TSA while trying to create ZXP

Forum|Forum|8 years ago
April 26, 2017
3 replies
3277 views

I'm trying to package my ZXP using Mac OS Yosemite 10.10.5.

I've always been able to successfully create the ZXP with the command:

./ZXPSignCmd -sign project-folder/ ProjectName.zxp certificate.p12 password -tsa https://timestamp.geotrust.com/tsa

However, for the last few days I've been getting this error:

Error - cannot contact the chosen TSA. Please make sure the URL is valid and that you are connected to the internet.

When I ping timestamp.geotrust.com I get timeouts. Is geotrust down, or am I doing something wrong? I've tried Googling this, and am yet to find a thread about it that came to a resolution.

This topic has been closed for replies.

Correct answer Jonathan Ferman

Hi Dan,

Sorry I don't know of other providers but I would suggest you think about not using a TSA, it might make things simpler. In a perfect world I would love to get away from the need for certificates and consider something else like an API key. It's something we are looking into.

Jonathan

mikig2

Participant

Symantec has dropped support for the Legacy timestamp service as explained in the following post: https://knowledge.symantec.com/support/partner/index?page=content&id=NEWS10071&viewlocale=en_US

I changed the timestamp service to http://sha256timestamp.ws.symantec.com/sha256/timestamp

and it worked for me.

Andreas Jansson

Inspiring

Using the TSA suggested by mikig2 I get the following message:

Error - the timestamp returned from the chosen TSA could not be verified, so the ZXP created is likely to be rejected by other tools. Please recreate your ZXP with a different trusted TSA.

But using the the following URL, that I found on a page where mikig's URL was also mentioned, I got the message "signed successfully", and the extension worked on my client's computer:

http://sha1timestamp.ws.symantec.com/sha1/timestamp

SHA-1 and SHA-256 seems to be the difference, and for me the SHA-256 link did not work.

M

mecdos

Inspiring

i'm getting the "the timestamp returned from the chosen TSA could not be verified" on the mac.

i've tried every version of zxpsigncmd with every url for a tsa i could find.

Jonathan Ferman

Community Manager

Hi Dan,

I heard from other developers that the timeserver you mentioned seems to be down. You may want to consider using a self signed certificate, the downside is that it won't last as long but it would let you test it. The other option would be to consider a different TSA provider.

Hope that helps.

danf54117184Author

Known Participant

Thanks Jonathan.

I believe I already am using a self-signed certificate (I created one using ZXPSignCmd), and that's what I've always done. I guess I can try a different tsa provider, but I thought that Adobe Exchange had issues with other providers other than geotrust (at least that what it seemed like when I tried Googling this issue). Do you know of any providers that may work?

Thanks

Jonathan Ferman

Correct answer

Community Manager

Hi Dan,

Sorry I don't know of other providers but I would suggest you think about not using a TSA, it might make things simpler. In a perfect world I would love to get away from the need for certificates and consider something else like an API key. It's something we are looking into.

Jonathan

danf54117184Author

Known Participant

Also before anyone asks, yes I am connected to the internet, as evident by me being able to post this thread .

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded