View Full Version : Specify timestamp server URL when signing files in ISE 2008?

12-17-2008, 05:36 PM
Does ISE 2008 specify a timestamp server when signing files?

If so, is there a way to explicitly specify the timestamp server URL that is passed to signtool.exe? Our certificate is from Comodo, not Verisign...

I could manually sign our own executables and the setup.exe outside of ISE, but I also want to sign the .msi file, and so I’m trying to get this done via the ISE 2008 “signing tab”. But I can't find anywhere to set the timestamp server URL. ISE 2009 apparently has added a setting for this in Settings.xml, but that doesn't help my situation with ISE 2008...

Alternatively, is there a way to get at the command line used by ISE 2008 when it invokes signtool.exe?

Thanks in advance for any help or suggestions,


12-17-2008, 06:25 PM
I don't think you're required to use the Comodo timestamp server just because it's a Comodo certificate, but you're out of luck on built in methods for changing this. The only workaround I can think of would be to create your own signtool.exe, which replaces and calls a backup of the one we provide, reinterpreting the command-line parameters to modify the timestamp server.

08-21-2009, 03:16 AM
Is it really necesaary to have the files timestamped? Our internet connection was down and we were not able to connect to the timestamp server so all our builds resulted in warnings and errors.

I would like to have the option to turn of the timestamping

08-21-2009, 11:11 AM
In IS2009 and later there's a setting to change or remove the timestamp server - we added this for the reasons you mention.

We default to timestamping your files because without a timestamp, the signature expires the same time that your certificate expires. As certificates are often granted for a single year, this is far too early an expiration for most uses. With the timestamp, the signature doesn't expire until the timestamp certificate expires, which is generally at least several years further down the road.