仅在mac OSX10.7 (Lion)上吊销Java签名的小程序证书
提问于 2011-07-29 04:23:06
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Loading Root CA certificates from from keychain
security: Loaded Root CA certificates from from keychain
security: Validate the certificate chain using CertPath API
security: Obtain certificate collection in Root CA certificate store
security: Obtain certificate collection in Root CA certificate store
security: Obtain certificate collection in Root CA certificate store
security: jpicertstore.cert.getkeystore
security: No timestamping info available
security: Cannot find jurisdiction list file
security: The CRL support is enabled
security: PC Operating Center
security: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.thawte.com/ThawteCodeSigningCA.crl]
]]
security: Thawte Code Signing CA
security: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.thawte.com/ThawtePremiumServerCA.crl]
]]
security: Use CRL setting from certificate
security: The OCSP support is enabled
security: PC Operating Center
security: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: 1.3.6.1.5.5.7.48.1
accessLocation: URIName: http://ocsp.thawte.com]
]
security: This certificate does not have AIA extension
security: Use OCSP setting from certificate
network: Cache entry not found [url: http://crl.thawte.com/ThawtePremiumServerCA.crl, version: null]
network: Connecting http://crl.thawte.com/ThawtePremiumServerCA.crl with proxy=DIRECT
network: Connecting http://crl.thawte.com:80/ with proxy=DIRECT
network: Downloading resource: http://crl.thawte.com/ThawtePremiumServerCA.crl
Content-Length: 181,278
Content-Encoding: null
network: Wrote URL http://crl.thawte.com/ThawtePremiumServerCA.crl to File /Users/koutbo6/Library/Caches/Java/cache/6.0/38/2fb889a6-30a08967-temp
network: Connecting http://ocsp.thawte.com/ with proxy=DIRECT
network: Connecting http://ocsp.thawte.com:80/ with proxy=DIRECT
network: CleanupThread used 990300 us
network: Connecting http://ocsp.thawte.com/ with proxy=DIRECT
network: Connecting http://ocsp.thawte.com:80/ with proxy=DIRECT
security: This certificate has been revoked
Ignored exception: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Certificate has been revoked我将感谢任何关于如何让签名的小程序在Lion上工作的提示。
更新:
以下是证书的序列号: 28 A9 29 38 64 0D FC 5D 1D 05 CE 7F 1D 81 E0
我注意到以下情况,在雪豹上,如果我进入java首选项的高级设置,并启用“使用CRL检查证书吊销”,我会得到与lion相同的问题。
我检查了lion java首选项,该选项已禁用,但证书仍被吊销。
回答 2
Stack Overflow用户
回答已采纳
发布于 2011-08-05 08:50:27
也许Java在"Keychain Access“应用程序中使用了全局首选项设置?此应用程序可以在应用程序>实用程序>钥匙链访问下找到。
默认设置表示:
Online Certificate Status Protocol (OCSP): Best attempt
Certificate Revocation List (CSP): Best attempt
Priority: OCSP如果(临时)关闭OCSP和CRL,您可以验证应用程序是否接受您的证书。
在任何情况下,您都不应该使用已吊销的证书...:-)
Stack Overflow用户
发布于 2011-07-31 19:23:20
您是否在从未运行过applet的非lion机器上尝试过?也许你测试过的其他机器已经信任你的applet了。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/6868628
复制
腾讯云开发者
