Trusted Timestamping

Trusted timestamping is a process applied to log files (and, in general, to any document) to track and certify their origin and their conformity to the original. In other words, trusted timestamping makes it possible to certify and verify that a log file has not been modified in any way by anyone, not even by its original author. For log files, trusted timestamping proves useful, for example, to verify accesses to the system or connections from VPN users, even in independent audits.

Trusted timestamping is not enabled by default, but its activation only requires a click on the grey switch. When it turns green, some configuration options will show up.

Timestamp server URL

The URL of the timestamp server (also called TSA) is mandatory, since it will be this server that signs the log files.

Note

A valid URL of a valid TSA is needed to use trusted timestamping. Several companies supply this kind of service.

HTTP authentication

If the timestamp server requires authentication, tick the box below the HTTP authentication label.

Username

The username used to authenticate on the timestamp server.

Password

The password used to authenticate on the timestamp server.

Public key of the timestamping server

To simplify communication with the server and make it more secure, the server’s public key can be imported. The certificate file can be located on the local computer by clicking on the Browse… button and then uploaded to the UTM by clicking on the Upload button. After the certificate has been stored, a Download link appears next to the Public key of the timestamping server label; it can be clicked to retrieve the certificate, for example to install it on another UTM.

After clicking on the Save button, the settings are stored and, on the next day, a new button will appear in the Logs section, on the right-hand side of the Settings box:

Verify log signature

When clicked, it shows a message in a yellow callout reporting the status of the log.

See also

The official OpenSSL timestamping documentation and RFC 3161, the original definition of the Time Stamp Protocol.
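
The following Python sketch is an added example, not the UTM's own code: it builds the RFC 3161 request that a client would POST to the timestamp server URL for a log file, with optional HTTP authentication, and shows that the TSA signs a digest of the log, so a log changed afterwards no longer matches the signed imprint. The URL, credentials and log line are constructed placeholders, the use of SHA-256 and of HTTP Basic authentication are assumptions, and nothing is sent over the network.

```python
import base64
import hashlib
import urllib.request

# DER AlgorithmIdentifier for SHA-256 (OID 2.16.840.1.101.3.4.2.1, NULL parameters).
SHA256_ALG_ID = bytes.fromhex("300d06096086480165030402010500")

def der(tag, content):
    """Encode one DER tag-length-value; short-form length suffices here."""
    if len(content) > 127:
        raise ValueError("long-form DER length not needed for a timestamp query")
    return bytes([tag, len(content)]) + content

def build_ts_query(log_bytes):
    """RFC 3161 TimeStampReq: version 1, SHA-256 messageImprint, certReq TRUE."""
    digest = hashlib.sha256(log_bytes).digest()
    imprint = der(0x30, SHA256_ALG_ID + der(0x04, digest))  # MessageImprint
    return der(0x30, der(0x02, b"\x01") + imprint + der(0x01, b"\xff"))

def imprint_of(query):
    """Return the 32-byte hashedMessage from a query built by build_ts_query."""
    return query[-35:-3]  # digest sits just before the 3-byte certReq BOOLEAN

def build_http_request(tsa_url, query, username=None, password=None):
    """Prepare (not send) the POST; Basic auth is an assumption about the TSA."""
    headers = {"Content-Type": "application/timestamp-query"}
    if username is not None:
        token = base64.b64encode(f"{username}:{password}".encode()).decode()
        headers["Authorization"] = "Basic " + token
    return urllib.request.Request(tsa_url, data=query, headers=headers, method="POST")

if __name__ == "__main__":
    # Constructed sample log and placeholder TSA settings.
    log = b"Jan 10 09:15:02 utm openvpn: user alice connected\n"
    tampered = log.replace(b"alice", b"mallory")
    query = build_ts_query(log)
    req = build_http_request("https://tsa.example.invalid/tsr", query, "auditor", "s3cret")
    print(req.get_method(), req.full_url, len(query), "bytes")
    print("signed imprint :", imprint_of(query).hex())
    print("tampered digest:", hashlib.sha256(tampered).hexdigest())
    print("still matches  :", imprint_of(query) == hashlib.sha256(tampered).digest())
```

Because only the digest travels to the TSA, the log content itself never leaves the appliance; with HTTP authentication enabled, an `https://` TSA URL keeps the credentials from crossing the network in clear text.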