Repository of Timestamp Public Key Certificates
- Current Public Key certificates
- History of Public Key certificates
- Root certificate and how public keys are organized
- Web addresses / URL for timestamp servers
- Test / Evaluation TSA public key certificates
Here is other Repository information.
We replace certificates and signing keys about every 6 months. The prior / older Public Key certificates are here.
Timestamp public key certificate for " TSA 1 "
- Server's External Audit certificate dgs100.cer (new as of September 10, 2016)
- Timestamp certificate dgs100.32769.cer (new as of September 10, 2016)
Timestamp public key certificate for " TSA 2 "
- Server's External Audit certificate dgs91.cer
- Timestamp certificate dgs91.32788.cer (new as of June 23, 2016)
The public keys are provided for independent verification of the timestamps created by the DigiStamp timestamp servers. Each public key is provided as a standard x.509 certificate. The public keys are used to verify the digital signature contained in a timestamp. These certificates are commonly contained within each timestamp and they are also provided here for convenience.
Click here for additional information about what you need to verify a timestamp.
DigiStamp Root CA Certificate
The root certificate can be downloaded and added to your software. For example, Adobe Acrobat signing tools. The DigiStamp CA certificate:
The certificate's SHA-1 value can be used to confirm an accurate download:
Alternatively, the Root Certificate and collection of Server Audit Certifcates can be downloaded in a single PEM file dgs_bundle_ca80.pem.
To review your options for integrating the chain of authority of these certificates with your enterprise CA then click here.
Timestamp key life cycle
The timestamp key-pairs are replaced frequently within the certified hardware device. The frequency is one year or after one million timestamps are created with the key-pair. Each event of "rekeying of the TSA key" results in the cryptographic module creating and signing a new x.509 public key certificate. The previous timestamp private key is destroyed at the time of rekeying. The timestamps created with that private key are authenticated using the x.509 public key certificate. More details are here where we describe that the timestamp private key cannot be extracted from the certified hardware device.
The time stamp servers are available to generate production time stamps:
New Option - https://www.digistamp.com/TSA at IP address 184.108.40.206
"TSA1" - https://tsa1.digistamp.com/TSA at IP address 220.127.116.11
"TSA2" - https://tsa2.digistamp.com/TSA at IP address 18.104.22.168
The above servers use HTTP authentication to your DigiStamp account. Use of SSL (https:) is optional.