Java signed applet certificate revoked only on Mac OS X 10.7 (Lion)

Time: 2011-07-29 04:23:06

Tags: java macos applet certificate osx-lion

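I have a signed applet that works fine on Windows, Mac <= 10.6 and Linux. However, on OS X Lion, the signing certificate is revoked. Here is the security debug information from the Java console: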

security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Loading Root CA certificates from from keychain
security: Loaded Root CA certificates from from keychain
security: Validate the certificate chain using CertPath API
security: Obtain certificate collection in Root CA certificate store
security: Obtain certificate collection in Root CA certificate store
security: Obtain certificate collection in Root CA certificate store
security: jpicertstore.cert.getkeystore
security: No timestamping info available
security: Cannot find jurisdiction list file
security: The CRL support is enabled
security: PC Operating Center
security: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.thawte.com/ThawteCodeSigningCA.crl]
]]

security: Thawte Code Signing CA
security: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.thawte.com/ThawtePremiumServerCA.crl]
]]

security: Use CRL setting from certificate
security: The OCSP support is enabled
security: PC Operating Center
security: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: 1.3.6.1.5.5.7.48.1
   accessLocation: URIName: http://ocsp.thawte.com]
]

security: This certificate does not have AIA extension
security: Use OCSP setting from certificate
network: Cache entry not found [url: http://crl.thawte.com/ThawtePremiumServerCA.crl, version: null]
network: Connecting http://crl.thawte.com/ThawtePremiumServerCA.crl with proxy=DIRECT
network: Connecting http://crl.thawte.com:80/ with proxy=DIRECT
network: Downloading resource: http://crl.thawte.com/ThawtePremiumServerCA.crl
    Content-Length: 181,278
    Content-Encoding: null
network: Wrote URL http://crl.thawte.com/ThawtePremiumServerCA.crl to File /Users/koutbo6/Library/Caches/Java/cache/6.0/38/2fb889a6-30a08967-temp
network: Connecting http://ocsp.thawte.com/ with proxy=DIRECT
network: Connecting http://ocsp.thawte.com:80/ with proxy=DIRECT
network: CleanupThread used 990300 us
network: Connecting http://ocsp.thawte.com/ with proxy=DIRECT
network: Connecting http://ocsp.thawte.com:80/ with proxy=DIRECT
security: This certificate has been revoked
Ignored exception: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Certificate has been revoked

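Any tips on how to get the signed applet running on Lion would be much appreciated.

Update:

This is the serial number of the certificate: 28 A9 29 38 64 0D FC 5D 7D 1D 05 CE 7F 1D 81 E0

I noticed the following on Snow Leopard: if I go to the advanced settings in the Java preferences and enable "check certificates for revocation using CRL", I get the same problem as on Lion.

I checked the Java preferences on Lion and the option is disabled, but the certificate is still revoked.

On Snow Leopard, I disabled the option again and everything works fine.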

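2 answers:

Answer 0: (score: 1)

Maybe Java uses the global preference settings from the "Keychain Access" application? The application can be found under Applications > Utilities > Keychain Access.

The default settings say: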

Online Certificate Status Protocol (OCSP): Best attempt
Certificate Revocation List (CRL): Best attempt
Priority: OCSP

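If you (temporarily) turn off OCSP and CRL, you can verify whether the application accepts your certificate.

You probably should not be using a revoked certificate anyway... :-)

Answer 1: (score: 0)

Have you tried it on a non-Lion machine that has never run the applet before? Maybe the other machines you tested on already trust your applet.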
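
Whether the certificate is really listed as revoked can be settled independently of any client-side setting by looking up its serial number in the issuer's CRL. The following is an added example, not part of the original thread; it assumes the Python `cryptography` package, and the CRL is constructed in-process with a throwaway key as a stand-in for the file published at the distribution point in the log.

```python
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

# Serial number as given in the question's update.
PAGE_SERIAL = "28 A9 29 38 64 0D FC 5D 7D 1D 05 CE 7F 1D 81 E0"


def parse_serial(text):
    """Turn a hex serial as shown by certificate viewers into an integer."""
    return int(text.replace(" ", "").replace(":", ""), 16)


def lookup_in_crl(crl_der, serial):
    """Return (revocation_date, reason) if the serial is listed, else None."""
    crl = x509.load_der_x509_crl(crl_der)
    entry = crl.get_revoked_certificate_by_serial_number(serial)
    if entry is None:
        return None
    try:
        reason = entry.extensions.get_extension_for_class(x509.CRLReason).value.reason.name
    except x509.ExtensionNotFound:
        reason = "unspecified"
    when = getattr(entry, "revocation_date_utc", None) or entry.revocation_date
    return when, reason


def build_sample_crl(revoked_serials):
    """Constructed CRL (throwaway key, made-up issuer, date and reason)."""
    key = ec.generate_private_key(ec.SECP256R1())
    now = datetime.datetime(2011, 7, 29)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Constructed Test CA")])
    builder = x509.CertificateRevocationListBuilder().issuer_name(name)
    builder = builder.last_update(now).next_update(now + datetime.timedelta(days=7))
    for serial in revoked_serials:
        entry = x509.RevokedCertificateBuilder().serial_number(serial).revocation_date(now)
        entry = entry.add_extension(x509.CRLReason(x509.ReasonFlags.superseded), critical=False)
        builder = builder.add_revoked_certificate(entry.build())
    return builder.sign(key, hashes.SHA256()).public_bytes(serialization.Encoding.DER)


if __name__ == "__main__":
    crl_der = build_sample_crl([parse_serial(PAGE_SERIAL)])
    print(lookup_in_crl(crl_der, parse_serial(PAGE_SERIAL)))  # listed
    print(lookup_in_crl(crl_der, 0x1234))                     # not listed
```

For a real check, pass `lookup_in_crl` the DER bytes fetched from the signing certificate's CRL distribution point shown in the debug output.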