ID:	7111	Fixed in:
Issue Date:	2017-02-24 11:05 AEST	Owner:	CVS Support
Last Modified:	2017-02-24 12:05 AEST	Reporter:	Arthur Barrett
Current Est.	0.0 hours	% Complete:	0.0
Status:	NEW /	Severity:	normal

Affected:	2.8.02
Description:	test SHA1 codesigning

Actions:

2017-02-24 11:05 AEST by Arthur Barrett - It looks like some SHA1 codesign timestamp servers are being taken away:
 https://timestamp.geotrust.com/tsa

and replaced with 'legacy' ones:
 http://sha1timestamp.ws.symantec.com/sha1/timestamp

Of course our SHA2 stamped installers (works with Win 7 etc.) already are using SHA256 time stamping, but 
the XP installer cannot use SHA2.  The actual binaries are signed with both SHA1 and SHA2 stamps.

Symantec say that by April 2017, we will decommission the "Legacy" timestamping service (see url).  All Code 
Signing customers must migrate to the "new" service URLs by March 31, 2017 in order to avoid service 
disruption.

Query page