CA 签名的小程序是否需要访问互联网? [英] Is internet access needed for CA signed applet?
问题描述
我们编写了一个 Java 小程序,并通过证书颁发机构 Entrust 对其进行了签名.当通过任何浏览器部署小程序时,我们可以在 java 控制台日志中看到向 CA 发出请求:
We coded a java applet and signed it through a Certificate Authority, Entrust. When the applet is deployed through any browser, we can see in java console logs that a request is made to the CA:
network: Connecting http://ocsp.entrust.net/ with proxy=DIRECT
security: OCSP Response: GOOD
但是,我们的客户在 Intranet 中有一些计算机没有互联网连接.
However, our client has some computers in an intranet without internet connection.
那么,有没有办法避免向 CA 服务器发出任何 Internet 请求?
So, is there a way to avoid any internet request to CA server?
推荐答案
您将在 Java 控制面板 >> 高级选项卡中找到此选项
You will find this option from Java Control Panel >> Advanced tab
对以下各项执行证书吊销检查:仅出版商证书;信任链中的所有证书(默认和推荐);不勾选(不推荐)
Perform Certificate revocation checks on: Publishers certificate only; All certificates in the chain of trust (default and recommended); Do not check (not recommended)
http://www.java.com/en/download/help/revocation_options.xml
但是,您必须为 Intranet 中的每台计算机更改它.
However, you will have to change it for each computer in the intranet.
这篇关于CA 签名的小程序是否需要访问互联网?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!