Follow the steps below to issue a timestamping certificate using the Certificate Authority solution provided by Cryptographic Security Platform.
Creating a Certificate Authority to issue timestamping certificates
Follow the steps described in Managing Certificate Authority to create:
- A root Certificate Authority.
- An issuing Certificate Authority with at least one signature profile – for example, the wstep-digital-signatureprofile described in Active Directory (WSTEP) certificate profiles.
Creating a timestamping certificate request
Create a CA Gateway certificate enrollment request – for example:
{ "csr": "MIIDVzCCAb8...", "profileId": "wstep-digital-signature",  "requiredFormat": { "format": "X509"  }, "optionalCertificateRequestDetails": { "extensions": [      { "oid": "2.5.29.37", "critical": true, "value": "1.3.6.1.5.5.7.3.8"      }    ], "validity_period": "2024-11-06T13:00Z/2026-07-06T13:00:00Z"  }}See below for the values required by each request field.
| Field | Line | Value | 
|---|---|---|
| csr | 2 | The base64-encoded Certificate Signing Request previously generated in Generating a timestamping key pair as a single line. | 
| extensions | 8 | The same fields and values as in the above example (to select the timestamping extended key usage). | 
| validity_period | 15 | The validity period for the issued certificate. The expiry date in this period cannot exceed the expiry date of the issuing CA certificate. | 
Processing the timestamping certificate request
See below for processing the timestamping certificate request and obtaining the issued certificate.
To process the timestamping certificate request
- Use a REST client to process the request as explained in Issuing certificates with a REST client.
- Edit the REST response and copy the base64-encoded string in the bodyfield.
- Save the string in a file with the  -----BEGIN CERTIFICATE-----and-----END CERTIFICATE-----delimiters – for example:-----BEGIN CERTIFICATE-----MIIIcDCCBligAwIBAgITMwEf/Fvr7NDwanyeRAAAAR/8WzANBgkqhkiG9w0BAQwFADBdMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u...UdO85g==-----END CERTIFICATE-----
- Use this certificate file as the TSA certificate when configuring the solution.