时间戳

首页 > 解决方案 > 故障转移到 CRL:证书未指定 OCSP 响应者

java - 故障转移到 CRL:证书未指定 OCSP 响应者

问题描述

我已将 CA、中间 CA 导入到 java 受信任的存储(cacerts),看起来除了 Java 控制台中的以下异常母猪之外,所有的东西都在工作。

security: Loaded certificates from Deployment session certificate store
security: Failing over to CRLs: Certificate does not specify OCSP responder
network: Connecting http://localhost:389/ with proxy=DIRECT
security: Revocation Status Unknown
com.sun.deploy.security.RevocationChecker$StatusUnknownException: Certificate does not specify OCSP responder
    at com.sun.deploy.security.RevocationChecker.checkOCSP(Unknown Source)
    at com.sun.deploy.security.RevocationChecker.check(Unknown Source)
    at com.sun.deploy.security.RevocationCheckHelper.doRevocationCheck(Unknown Source)
    at com.sun.deploy.security.RevocationCheckHelper.doRevocationCheck(Unknown Source)
    at com.sun.deploy.security.RevocationCheckHelper.checkRevocationStatus(Unknown Source)
    at com.sun.deploy.security.X509TrustManagerDelegate.checkTrusted(Unknown Source)
    at com.sun.deploy.security.X509Extended7DeployTrustManagerDelegate.checkServerTrusted(Unknown Source)
    at com.sun.deploy.security.X509Extended7DeployTrustManager.checkServerTrusted(Unknown Source)
    at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(Unknown Source)
    at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(Unknown Source)
    at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(Unknown Source)
    at sun.security.ssl.SSLHandshake.consume(Unknown Source)
    at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
    at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
    at sun.security.ssl.TransportContext.dispatch(Unknown Source)
    at sun.security.ssl.SSLTransport.decode(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
    at sun.plugin.PluginURLJarFileCallBack.connect(Unknown Source)
    at sun.plugin.PluginURLJarFileCallBack.retrieve(Unknown Source)
    at sun.net.www.protocol.jar.URLJarFile.retrieve(Unknown Source)
    at sun.net.www.protocol.jar.URLJarFile.getJarFile(Unknown Source)
    at sun.net.www.protocol.jar.JarFileFactory.get(Unknown Source)
    at sun.net.www.protocol.jar.JarURLConnection.connect(Unknown Source)
    at sun.plugin.net.protocol.jar.CachedJarURLConnection.connect(Unknown Source)
    at sun.plugin.net.protocol.jar.CachedJarURLConnection.getContentLength(Unknown Source)
    at sun.plugin.cache.JarCacheUtil.preload(Unknown Source)
    at sun.plugin2.applet.Applet2Manager._loadJarFiles(Unknown Source)
    at sun.plugin2.applet.Applet2Manager.loadJarFiles(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    Suppressed: com.sun.deploy.security.RevocationChecker$StatusUnknownException
        at com.sun.deploy.security.RevocationChecker.checkCRLs(Unknown Source)
        ... 35 more

我不确定它为什么要寻找 http://localhost:389 ,这有什么问题?

我的 CA 证书在传递 CRL 证书时是否有任何错误?

我复制并粘贴了证书中提到的 crl 站点,并且该站点也无法访问。

请帮助并提前致谢

标签: javasslappletkeystore

解决方案

推荐阅读