New TSA certificate is uploaded but does not work.
Error: TS_RESP_CTX_set_signer_cert:invalid signer certificate purpose
For the TSA certificate, the X509v3 Extended Key Usage attribute must be enabled and set to critical. Also, its default value must be set to Time Stamping.
In case of using OpenSSL to generate the certificate add the following option to the TSA section of the OpenSSL configuration file and generate a new certificate.
extendedKeyUsage = critical,timeStamping