java - 故障转移到 CRL:证书未指定 OCSP 响应者
问题描述
我已将 CA、中间 CA 导入到 java 受信任的存储(cacerts),看起来除了 Java 控制台中的以下异常母猪之外,所有的东西都在工作。
security: Loaded certificates from Deployment session certificate store
security: Failing over to CRLs: Certificate does not specify OCSP responder
network: Connecting http://localhost:389/ with proxy=DIRECT
security: Revocation Status Unknown
com.sun.deploy.security.RevocationChecker$StatusUnknownException: Certificate does not specify OCSP responder
at com.sun.deploy.security.RevocationChecker.checkOCSP(Unknown Source)
at com.sun.deploy.security.RevocationChecker.check(Unknown Source)
at com.sun.deploy.security.RevocationCheckHelper.doRevocationCheck(Unknown Source)
at com.sun.deploy.security.RevocationCheckHelper.doRevocationCheck(Unknown Source)
at com.sun.deploy.security.RevocationCheckHelper.checkRevocationStatus(Unknown Source)
at com.sun.deploy.security.X509TrustManagerDelegate.checkTrusted(Unknown Source)
at com.sun.deploy.security.X509Extended7DeployTrustManagerDelegate.checkServerTrusted(Unknown Source)
at com.sun.deploy.security.X509Extended7DeployTrustManager.checkServerTrusted(Unknown Source)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(Unknown Source)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(Unknown Source)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(Unknown Source)
at sun.security.ssl.SSLHandshake.consume(Unknown Source)
at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
at sun.security.ssl.TransportContext.dispatch(Unknown Source)
at sun.security.ssl.SSLTransport.decode(Unknown Source)
at sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
at sun.plugin.PluginURLJarFileCallBack.connect(Unknown Source)
at sun.plugin.PluginURLJarFileCallBack.retrieve(Unknown Source)
at sun.net.www.protocol.jar.URLJarFile.retrieve(Unknown Source)
at sun.net.www.protocol.jar.URLJarFile.getJarFile(Unknown Source)
at sun.net.www.protocol.jar.JarFileFactory.get(Unknown Source)
at sun.net.www.protocol.jar.JarURLConnection.connect(Unknown Source)
at sun.plugin.net.protocol.jar.CachedJarURLConnection.connect(Unknown Source)
at sun.plugin.net.protocol.jar.CachedJarURLConnection.getContentLength(Unknown Source)
at sun.plugin.cache.JarCacheUtil.preload(Unknown Source)
at sun.plugin2.applet.Applet2Manager._loadJarFiles(Unknown Source)
at sun.plugin2.applet.Applet2Manager.loadJarFiles(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Suppressed: com.sun.deploy.security.RevocationChecker$StatusUnknownException
at com.sun.deploy.security.RevocationChecker.checkCRLs(Unknown Source)
... 35 more
我不确定它为什么要寻找 http://localhost:389 ,这有什么问题?
我的 CA 证书在传递 CRL 证书时是否有任何错误?
我复制并粘贴了证书中提到的 crl 站点,并且该站点也无法访问。
请帮助并提前致谢
解决方案
推荐阅读
- .net-core - Postman 收到 ASP.NET Core Web API 的 404 错误
- bash - 从 bash 安装基础 docker 映像
- android - 签署我的应用程序时无法创建密钥
- json - 错误类型错误:无法读取未定义休息服务的属性“名称”
- c# - Drawtext 给出 '?' 对于一些土耳其字符
- websocket - Nest.js 中特定路由上的 WebSocket
- deep-learning - 是否可以用层替换卷积神经网络中的损失函数?
- python - 如何从 omsnx 图中选择子图?
- ios - SwiftUI:将多个 BindableObjects 放入环境
- android - 如何转换作为字符串的日期并在android中分配一些格式