RFC 3161 compliant timestamping. Every response embeds the full signing chain (signer → TSA intermediate → root CA) — verification never requires contacting CNX. See Policy for the governing Timestamp Policy document, and Validation for how to check a token independently.
| Domain | Use |
|---|---|
| https://free.tsa.cnx.net.kh | Open use — best-effort, no SLA |
| https://cnx.tsa.cnx.net.kh | Subscriber — sealed audit log, contact noc@cnx.net.kh |
Add this function to any shell script. Call stamp <file> after producing the file you want to timestamp. The token is written to <file>.tsr.
stamp() {
openssl ts -query -data "$1" -sha256 -cert | \
curl -sf -X POST -H "Content-Type: application/timestamp-query" \
--data-binary @- https://free.tsa.cnx.net.kh -o "${1}.tsr"
}
stamp report.pdf
More integration patterns (backups, audit logs, release artifacts, code signing) on the Examples page.