Configure Authenticode Timestamp | Nexus Documentation

The Nexus Timestamp Server (starting version 2.3.0) supports time stamping Microsoft Authenticode signatures. The distribution contains a sample Authenticode time stamp service, located in the <conf>/services/authenticodesample directory.

An Authenticode signature time stamping service is configured with the following steps:

Add Authenticode Policies configuration. For more information, see Policies used in Nexus Timestamp Server .
Add Authenticode Chain configuration. For more information, see Filter chains used in Nexus Timestamp Server .
Add AcTimestampTokenFilter configuration in service.properties. For more information, see AcTimestampTokenFilter in Description of filters in Nexus Timestamp Server .

Example

Here is an example of triggering Authenticode signature time stamping request using PowerShell cmdlet Set-AuthenticodeSignature:

Set-AuthenticodeSignature -FilePath "<directory-of-the-to-be-signed-file>" -Certificate "<path_to_signer.p12>" -HashAlgorithm <SHA256> -TimeStampServer "http://<timestamp-server>:<port>/"

Additional information

Useful external links

https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.security/set-authenticodesignature?view=powershell-7.4