Copy link to clipboard
Copied
I'm trying to package my ZXP using Mac OS Yosemite 10.10.5.
I've always been able to successfully create the ZXP with the command:
./ZXPSignCmd -sign project-folder/ ProjectName.zxp certificate.p12 password -tsa https://timestamp.geotrust.com/tsa
However, for the last few days I've been getting this error:
Error - cannot contact the chosen TSA. Please make sure the URL is valid and that you are connected to the internet.
When I ping timestamp.geotrust.com I get timeouts. Is geotrust down, or am I doing something wrong? I've tried Googling this, and am yet to find a thread about it that came to a resolution.
Hi Dan,
Sorry I don't know of other providers but I would suggest you think about not using a TSA, it might make things simpler. In a perfect world I would love to get away from the need for certificates and consider something else like an API key. It's something we are looking into.
Jonathan
Copy link to clipboard
Copied
Also before anyone asks, yes I am connected to the internet, as evident by me being able to post this thread .
Copy link to clipboard
Copied
Hi Dan,
I heard from other developers that the timeserver you mentioned seems to be down. You may want to consider using a self signed certificate, the downside is that it won't last as long but it would let you test it. The other option would be to consider a different TSA provider.
Hope that helps.
Copy link to clipboard
Copied
Thanks Jonathan.
I believe I already am using a self-signed certificate (I created one using ZXPSignCmd), and that's what I've always done. I guess I can try a different tsa provider, but I thought that Adobe Exchange had issues with other providers other than geotrust (at least that what it seemed like when I tried Googling this issue). Do you know of any providers that may work?
Thanks
Copy link to clipboard
Copied
Hi Dan,
Sorry I don't know of other providers but I would suggest you think about not using a TSA, it might make things simpler. In a perfect world I would love to get away from the need for certificates and consider something else like an API key. It's something we are looking into.
Jonathan
Copy link to clipboard
Copied
Ok, it works without the tsa, but I thought that time-stamping was required for distributing the extension on Adobe Exchange. Is that not the case?
Copy link to clipboard
Copied
No a TSA is not required. It's main benefit is that it should last a really ling time but that's assuming the TSA does not go down!
You can create a cert using the tool you mentioned, or the Exchange Packager app, Configurator or elsewhere.
Hope that helps.
Copy link to clipboard
Copied
Ok thanks.
Copy link to clipboard
Copied
Symantec has dropped support for the Legacy timestamp service as explained in the following post: https://knowledge.symantec.com/support/partner/index?page=content&id=NEWS10071&viewlocale=en_US
I changed the timestamp service to http://sha256timestamp.ws.symantec.com/sha256/timestamp
and it worked for me.
Copy link to clipboard
Copied
Using the TSA suggested by mikig2 I get the following message:
Error - the timestamp returned from the chosen TSA could not be verified, so the ZXP created is likely to be rejected by other tools. Please recreate your ZXP with a different trusted TSA.
But using the the following URL, that I found on a page where mikig's URL was also mentioned, I got the message "signed successfully", and the extension worked on my client's computer:
http://sha1timestamp.ws.symantec.com/sha1/timestamp
SHA-1 and SHA-256 seems to be the difference, and for me the SHA-256 link did not work.
Copy link to clipboard
Copied
i'm getting the "the timestamp returned from the chosen TSA could not be verified" on the mac.
i've tried every version of zxpsigncmd with every url for a tsa i could find.