To test the Timestamping Authority service, you can send timestamp requests as follows.
Creating the timestamp request
Create the timestamp request. For example:
openssl ts -query -data data.txt -sha256 -cert -out tsareq.tsqSee below for a description of each option.
Parameter | Description |
|---|---|
-data <file> | Create a timestamp request for the data in the |
-sha256 | Use the SHA256 algorithm to hash the data. |
-cert | Add to the response the certificate described in Issuing a timestaping certificate. |
-out <file> | Save the generated request in the |
The command saves the request in the tsareq.tsq file.
Validating the timestamp request
Validate the generated request.
openssl ts -query -in tsareq.tsq -textSending the request to Timestamping Authority
Send the timestamp request to Timestamping Authority. For example:
curl -H "Content-Type: application/timestamp-query" -H "Accept: application/timestamp-reply" --data-binary "@tsareq.tsq" http://<machine>/tsa/<issuerID> --output tsaresp.tsrWhere:
<machine>is the IP address or domain name of the Entrut PKI Hub node hosting Timestamping Authority.<issuerID>is the value of the Issuer ID configuration parameter.
The command saves the response in the tsaresp.tsr file.
Parsing the timestamp response
Parse the timestamp response to validate the format.
openssl ts -reply -in tsaresp.tsr -textVerifying the response against the data
Verify the timestamp response against the original data.
openssl ts -verify -in tsaresp.tsr -CAfile ca.pem -data data.txtWhere ca.pem is the Certificate Authority certificate for validating the certificate described in Issuing a timestaping certificate.
Verifying the response against the request
Verify the response against the timestamp request.
openssl ts -verify -in tsaresp.tsr -CAfile ca.pem -queryfile tsareq.tsq