CA 签名的小程序是否需要访问互联网? [英] Is internet access needed for CA signed applet?

问题描述

我们编写了一个 Java 小程序，并通过证书颁发机构 Entrust 对其进行了签名.当通过任何浏览器部署小程序时，我们可以在 java 控制台日志中看到向 CA 发出请求:

We coded a java applet and signed it through a Certificate Authority, Entrust. When the applet is deployed through any browser, we can see in java console logs that a request is made to the CA:

network: Connecting http://ocsp.entrust.net/ with proxy=DIRECT
security: OCSP Response: GOOD

但是，我们的客户在 Intranet 中有一些计算机没有互联网连接.

However, our client has some computers in an intranet without internet connection.

那么，有没有办法避免向 CA 服务器发出任何 Internet 请求?

So, is there a way to avoid any internet request to CA server?

推荐答案

您将在 Java 控制面板 >> 高级选项卡中找到此选项

You will find this option from Java Control Panel >> Advanced tab

对以下各项执行证书吊销检查:仅出版商证书；信任链中的所有证书(默认和推荐)；不勾选(不推荐)

Perform Certificate revocation checks on: Publishers certificate only; All certificates in the chain of trust (default and recommended); Do not check (not recommended)

http://www.java.com/en/download/help/revocation_options.xml

但是，您必须为 Intranet 中的每台计算机更改它.

However, you will have to change it for each computer in the intranet.

这篇关于CA 签名的小程序是否需要访问互联网?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！