Use a time-stamp authority
A time-stamp authority (TSA) provides trusted, cryptographically secure time-stamp information. This time-stamp information can be used to apply a digital time-stamp to a document, which verifies that the document existed at a point in time, and that the content of the document has not been changed.
The TSA must support the time-stamp protocol as defined in IETF RFC 3161.
The GlobalSign and Swisscom cryptographic providers have their own TSA with which the user can generate trusted time-stamp information. The Built-in and PKCS#11 cryptographic providers require a third-party TSA to be configured.
To configure the TSA, you must pass the URI of the TSA to the cryptographic provider and call the CreateTimestamp method.
Time-stamp authority URI
When applying a digital time-stamp to a document, the time-stamp authority (TSA) URI must be passed to the cryptographic provider in the TimestampUrl property.
The TimestampUrl property value must be a URI with the following elements:
http[s]://[‹user›[:‹password›]@]‹host›[:‹port›][/‹resource›]
Where:
http/https: Protocol for connecting to the TSA.
‹user›:‹password› (optional): Credentials for connecting to the TSA (basic authorization).
‹host›: Hostname of the TSA.
‹port›: Port for connecting to the TSA.
‹resource›: The resource.
HTTPS connections
When connecting to the time-stamp authority using HTTPS (SSL/TLS) communication, the server certificate's trustworthiness is verified using the system's default trust store (CA certificate store). For information about configuring the trust store, see Configure HTTPS connections.
Proxy server
In a secured environment, the firewall must be configured to allow a connection to the time-stamp authority. If a proxy server is used, the following MIME types must be supported:
application/timestamp-query
application/timestamp-reply
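
What the URI elements and the two MIME types above amount to on the wire, as an added Python example that is not part of the product or its documentation: it builds an RFC 3161 time-stamp query and the HTTP request derived from a TimestampUrl-style value, without sending anything. The function names and the choice to reject credentials over plain http are assumptions of this example.

```python
import base64, hashlib, secrets
from urllib.parse import unquote, urlsplit

# DER AlgorithmIdentifier for SHA-256 (OID 2.16.840.1.101.3.4.2.1, NULL parameters)
SHA256_ALG_ID = bytes.fromhex("300d06096086480165030402010500")

def der(tag, content):
    """Encode one DER tag-length-value (short or long definite length)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def der_uint(value):
    """DER INTEGER for a non-negative value; the extra bit keeps the sign positive."""
    return der(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))

def build_timestamp_query(document, nonce=None):
    """RFC 3161 TimeStampReq. Only the SHA-256 digest is sent, never the document."""
    if nonce is None:
        nonce = secrets.randbits(64)  # echoed in the reply, so a replayed reply stands out
    imprint = der(0x30, SHA256_ALG_ID + der(0x04, hashlib.sha256(document).digest()))
    # version=1, messageImprint, nonce, certReq=TRUE
    return der(0x30, der_uint(1) + imprint + der_uint(nonce) + der(0x01, b"\xff"))

def build_http_request(timestamp_url, query):
    """Turn a TimestampUrl-style value into the HTTP request a proxy will see."""
    u = urlsplit(timestamp_url)
    if u.scheme not in ("http", "https") or not u.hostname:
        raise ValueError("expected http[s]://[user[:password]@]host[:port][/resource]")
    headers = {"Content-Type": "application/timestamp-query"}
    if u.username is not None:
        if u.scheme != "https":  # policy of this example: no basic auth in cleartext
            raise ValueError("credentials in the URI require https")
        cred = f"{unquote(u.username)}:{unquote(u.password or '')}"
        headers["Authorization"] = "Basic " + base64.b64encode(cred.encode()).decode()
    hostport = u.netloc.rpartition("@")[2]  # drop userinfo, keep host[:port]
    return {"method": "POST",
            "url": f"{u.scheme}://{hostport}{u.path or '/'}",  # safe to log
            "headers": headers,
            "expected_reply_type": "application/timestamp-reply",
            "body": query}
```

The returned url has the userinfo stripped, so it can be written to logs or shown in proxy rules without exposing the TSA password.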