Verification
Verification proves that a document existed in its exact form at the time stated in the timestamp. It works completely offline once you have the CA certificates.
With openssl
# Download CA certificates (once)
curl -s https://open-tsa.eu/certs/ca.crt -o ca.crt
curl -s https://open-tsa.eu/certs/fullchain.pem -o chain.pem
# Verify timestamp against document
openssl ts -verify
-in response.tsr
-queryfile request.tsq
-CAfile ca.crt
-untrusted chain.pem
Verification: OK
View timestamp details
openssl ts -reply -in response.tsr -text
Long-term validity (LTV)
Timestamps issued by Open TSA remain verifiable indefinitely — even after the TSA Signing Certificate expires (April 2028) or after a CA rotation.
The verification checks: “Was the signing certificate valid at the time of the timestamp?” — not whether it is valid today. As long as you have the CA certificates from the time of issuance, verification will always succeed.
Best practice: Store
ca.crt, fullchain.pem, request.tsq, and response.tsr alongside your document in a long-term archive.