Description
Running against the latest nuget.exe at the time of this writing, trying to sign a NuGet package. Names and passwords and such obfuscated for purposes of this question, but I attempt the following. Key highlights, trying to certify against the exported PFX from my internal CA manager. Yes, the algo is SHA512, AFAIK.
D:\Source\myproject\working\src\myproject> nuget sign bin\Release\myproject.1.0.0.nupkg -CertificatePath ..\..\..\myorg.pfx -HashAlgorithm SHA512 -Timestamper http://timestamp.digicert.com
The package is being signed, apparently, except for the NU3018 warning.
WARNING: NU3018: RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate.
We are using XCA, for instance, to run our CA internally. For my own edification, what specs should I relay to signing? And/or how should we best specify our certs, SHA, etc.? We have control over many of the parameters contributing to a cert; the only question is how NuGet is opinionated about what those parameters should be.
Perhaps also clarifying the commentary warning:
NuGet.org does not accept packages signed with self-issued certificates.
Of course we want to do more than a test certificate. This is heading into production, distribution. Are we even able to self certify?
Similar in nature, I think, to the ubuntu-linux question presented along similar lines.
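As an added diagnostic example (not from the issue author or the NuGet project), the following PowerShell loads the signing certificate from the PFX, lists the extensions a verifier uses to locate revocation data, and builds the chain with online revocation checking. The chain-status names it prints are the same X509ChainStatusFlags values NuGet reports, so a RevocationStatusUnknown line here reproduces NU3018 outside of nuget.exe. The PFX path is the issue's own relative path and is a placeholder; the password is prompted for.

```powershell
# Added example, not part of the issue or of NuGet. Assumes the PFX path below is
# a placeholder for the signing certificate exported from the internal CA.
$pfxPath = '..\..\..\myorg.pfx'
$cert = Get-PfxCertificate -FilePath $pfxPath   # prompts for the PFX password

# Extensions a verifier consults for revocation data, matched by OID so the
# check does not depend on localized friendly names.
$revocationExtensions = @{
    '2.5.29.31'          = 'CRL Distribution Points'
    '1.3.6.1.5.5.7.1.1'  = 'Authority Information Access (OCSP / CA issuers)'
}
foreach ($oid in $revocationExtensions.Keys) {
    $ext = $cert.Extensions | Where-Object { $_.Oid.Value -eq $oid }
    if ($ext) {
        "$($revocationExtensions[$oid]):`n$($ext.Format($true))"
    } else {
        # With no CDP and no AIA there is nowhere to fetch revocation status from,
        # which is one way the status ends up 'unknown'.
        "$($revocationExtensions[$oid]): (absent)"
    }
}

# Build the chain the way a signing tool does: online revocation checking for the
# entire chain. An unreachable internal CRL/OCSP endpoint surfaces here as
# RevocationStatusUnknown or RevocationOffline rather than as a hard failure.
$chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
$chain.ChainPolicy.RevocationMode      = 'Online'
$chain.ChainPolicy.RevocationFlag      = 'EntireChain'
$chain.ChainPolicy.VerificationFlags   = 'NoFlag'
$built = $chain.Build($cert)
"Chain builds without status entries: $built"
foreach ($status in $chain.ChainStatus) {
    '{0}: {1}' -f $status.Status, $status.StatusInformation.Trim()
}
$chain.Dispose()
```

Run this on the same machine that runs `nuget sign`, since reachability of the CRL or OCSP URL from that host is what matters. If the CDP or AIA extension is absent, or the URL it lists cannot be fetched, the internal CA needs to publish a CRL (or OCSP responder) at an HTTP URL reachable from the signing host and include it in the certificates it issues; this removes the revocation warning for an internal CA but does not change the separate point quoted above, that nuget.org does not accept packages signed with self-issued certificates.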