CNX Time Stamping Authority

RFC 3161 compliant timestamping. Every response embeds the full signing chain (signer → TSA intermediate → root CA) — verification never requires contacting CNX. See Policy for the governing Timestamp Policy document, and Validation for how to check a token independently.

Endpoints

DomainUse
https://free.tsa.cnx.net.khOpen use — best-effort, no SLA
https://cnx.tsa.cnx.net.khSubscriber — sealed audit log, contact noc@cnx.net.kh

Create a timestamp

Add this function to any shell script. Call stamp <file> after producing the file you want to timestamp. The token is written to <file>.tsr.

stamp() {
  openssl ts -query -data "$1" -sha256 -cert | \
    curl -sf -X POST -H "Content-Type: application/timestamp-query" \
      --data-binary @- https://free.tsa.cnx.net.kh -o "${1}.tsr"
}

stamp report.pdf

More integration patterns (backups, audit logs, release artifacts, code signing) on the Examples page.