since last Friday we have an issue with trying our code signing SSL.
If we want to sign our code with code signing SSL we always get a timeout message
[15:49:36][Step 5/12] Error information: "SignerTimeStampEx2() failed." (-2147012894/0x80072ee2)
[15:49:36][Step 5/12] SignTool Error: An unexpected internal error has occurred.
If we use other public IP-address, it worked.
Could it be that our public IP-address or segment is being blocked from the timestamp certificate server "http://tsa.starfieldtech.com/" ??
We can't use other timestamp certificate server due to incompatibility with our system.
We already asked GoDaddy Support, but we didn't get any satisfied answer so far. Is anybody know
how we can escalate the issue?
Thanks so much!
Even if we try to open the site http://tsa.starfieldtech.com/ in Browser, we got sometimes
Connection Time out.
I hope that somebody from GoDaddy read this post. I am very disappointing with GoDaddy Support.
Not even a possibility to escalate an issue..:(
I got a reply from starfieldtech:
Thank you for contacting us.
Our time-stamping servers were experiencing an unreasonably high load, so we have instituted a rate-limit.
We now allow about 50 requests per hour from each IP using our service.
If that limit is exceeded, that IP address will be blocked for 3 hours.
If that occurs 5 times in a day, the IP address will be blocked for a week. We are doing this to provide equal reliability and responsiveness to all of the users of our time stamp servers, as these high loads were limiting the availability of our servers to some of our users .
If you are blocked, you will need to wait the time-frames(3 hours to 1 week) before connections to the timestamp server will be allowed again.
In the meantime, you may be able to rely on other publicly available timestamp servers (such as https://freetsa.org)
We are also experiencing issues at our company with the tsa.starfieldtech.com timestamping service.
We purchased the Code Signing certificate from GoDaddy. GoDaddy suggests to use their tsa.starfieldtech.com timestamping service to co-sign binaries.
Now are you blocking us from getting timestamp thus blocking us to digitally sign our binaries?!?!
Is there a whitelist where we could apply to not get our IP addresses blocked?
How can we sign up there?
I am also experiencing the problem:
The issue I have is I am currently debugging a Visual Studio add-in for Microsoft Word. When you start the add-in debug process, it builds the project, signs it with my GoDaddy cert, timestamps it, then executes.
So I am working a very tricky section of code, and I have to continually stop the debug, change code, and restart to check the change. Each time I do this, Visual Studio is going to hit the timestamp url.
Yes, I am doing this 50+ times an hour for the rest of the day.
Word will not load the add-in without a valid cert/timestamp
Please let us work!
another timestamp url:
Have you also seen that this FreeTSA server does not rely on a trusted certificate chain(root certificate)?
I had the same problem with timestamp server from Starfieldtech, so I complained at GoDaddy support and I've also got as feedback to use a different timestamp server like the freetsa.org. I find it a joke that a manufacturer takes our money but refers to the services of another, which does not even correspond to a certain quality.