Demo WebApp Signature Extension service produces erroneous T and LTA signature extensions

[marvinruder]

When trying to use the “Extend a signature” feature with a PDF document containing a PAdES qualified electronic signature together with the levels PAdES-BASELINE-T or PAdES-BASELINE-LTA, the following messages appear when validating the signatures (also using Demo WebApp):

The certificate is not related to a TSA/QTST!
The result of the timestamps validation process is not conclusive!
The algorithm is no longer considered reliable!

Validating the signed document before extending the signature produces no errors.

Diagnostic XML files and detailed validation reports are available here.

[bsanchezb]

Hello,

The problem is not DSS, but the chosen TSA (i.e. Belgian TSA). It was included into DSS demo webApp exclusively for demonstration purposes. If you want to use DSS in production as a timestamping service, you will need to subscribe to a real TSP and provide it within configuration file to DSS.

Best regards, Aleksandr.