How to verify the signature TSA of exported documents – Support Center ePost GK

To verify the signature, please follow the steps outlined below:

Step 1: Download the Root and Intermediate certificates from the following link: https://www.bit.admin.ch/bit/en/home/subsites/allgemeines-zur-swiss-government-pki/rootzertifikate/Swiss-Government-Root-CA-iv.html

Step 2: Download the Certificate from this link: https://www.bit.admin.ch/bit/en/home/subsites/allgemeines-zur-swiss-government-pki/tsa-service.html

Step 3: Decode the certificates by entering the following commands in the Command Prompt (Windows) or Terminal (macOS):

Decode Certificates

openssl x509 -inform DER -in RootCAIV.crt -out RootCAIV.pem
openssl x509 -inform DER -in RegulatedCA02.crt -out RegulatedCA02.pem

Step 4: Combine the two .pem files into a single root.pem file.

For Windows:

Windows: Concatenate Files

type RootCAIV.pem RegulatedCA02.pem > root.pem

For Linux and macOS:

Linux/macOS: Concatenate Files

cat RootCAIV.pem RegulatedCA02.pem > root.pem

If these commands are not supported in your environment, you may manually open the RootCAIV.pem and RegulatedCA02.pem files and copy their contents into a new file named root.pem.

How to Verify That the File Has Not Been Altered

Verify the validity of the signature:

openssl ts -verify -data [your_file].pdf -in [your_file].TSR -CAfile root.pem -untrusted TSAcertificate.cer

Test the Procedure Using This DEMO ZIP File:

How to Verify That the File Has Not Been Altered

Test the Procedure Using This DEMO ZIP File:

Related articles