webstart-maven-plugin can not sign jar due to timestamp request rejection

Question

We have a project using webstart-maven-plugin to create a Java Webstart JNLP artefact.

But on maven compile I always get

[ERROR] Failed to execute goal org.codehaus.mojo:webstart-maven-plugin:1.0-beta-6:jnlp-download-servlet (default) on project webstart: Could not sign jar ...\target\jnlp\libs\unprocessed_commons-codec-1.10.jar, use -X to have detail of error

Running with with -X reveals:

jarsigner: unable to sign jar: java.io.IOException: Error generating timestamp: the timestamp request was rejected. Unrecognized or unsupported algorithm identifier.

Due to this bug I updated my JDK to 1.8 (just for testing purposes, since I currently still need 1.7 for the product):

java -version  
java version "1.8.0_172"  
Java(TM) SE Runtime    Environment (build 1.8.0_172-b11)

but still I'm getting the error above.

To get the timestamp we are using the URL http://sha1timestamp.ws.symantec.com/sha1/timestamp, see maven plugin config below.

My problem is: For my colleages it works, they have same Java version, same maven project setup etc. Therefore it has to be a problem in my local environment. Any ideas?

<plugin>
    <groupId>org.codehaus.mojo</groupId>
    <artifactId>webstart-maven-plugin</artifactId>
    <version>1.0-beta-6</version>
    <executions>
        <execution>
            <phase>process-resources</phase>
            <goals>
                <goal>jnlp-download-servlet</goal>
            </goals>
        </execution>
    </executions>
    <configuration>
        <outputJarVersions>true</outputJarVersions>
        <outputDirectoryName>webstart</outputDirectoryName>
        <excludeTransitive>false</excludeTransitive>
        <templateDirectory>src/main/resources/jnlp</templateDirectory>
        <libPath>libs</libPath>
        <verbose>true</verbose>
        <unsignAlreadySignedJars>true</unsignAlreadySignedJars>
        <jnlpFiles>
            <jnlpFile>
                <templateFilename>abc.vm</templateFilename>
                <outputFilename>abc.jnlp</outputFilename>
                <jarResources>
                    ...
                </jarResources>
            </jnlpFile>
        </jnlpFiles>
        <sign>
            <keystore>${pathKeystore}</keystore>
            <storepass>${passstore}</storepass>
            <keypass>${passkey}</keypass>
            <alias>${alias}</alias>
            <tsaLocation>${tsaLocation}</tsaLocation>
            <arguments>
                <argument>-J-Djavax.net.ssl.trustStore=${project.build.directory}/../myTruststore.jks</argument>
                <argument>-J-Djavax.net.ssl.trustStorePassword=myPassword</argument>
                <argument>-J-Djavax.net.ssl.keyStore=${project.build.directory}/../myTruststore.jks</argument>
                <argument>-J-Djavax.net.ssl.keyStorePassword=myPassword</argument>
                <argument>-J-Dhttps.proxyHost=proxy.mycompany.com</argument>
                <argument>-J-Dhttps.proxyPort=3128</argument>
                <argument>-J-Dhttp.proxyHost=proxy.mycompany.com</argument>
                <argument>-J-Dhttp.proxyPort=3128</argument>
            </arguments>

        </sign>
        <unsign>true</unsign> <!-- unsign already signed packages and sign them with own key -->
    </configuration>
</plugin>

...         
<tsaLocation>http://sha1timestamp.ws.symantec.com/sha1/timestamp</tsaLocation>  

Answer 1

Build works when I remove

<tsaLocation>${tsaLocation}</tsaLocation>

from the sign configuration --> no timestamp is fetched from the timestamp server, but the jars are signed.