JDK-6931888

Inconsistent behavior for invalid URI name in cert file


      J2SE Version:
        java version "1.6.0_17"
        Java(TM) SE Runtime Environment (build 1.6.0_17-b04)
        Java HotSpot(TM) Server VM (build 14.3-b01, mixed mode)

      Operating System Configuration Information:
        SunOS sottecsweb 5.9 Generic_122300-28 sun4u sparc SUNW,Sun-Fire-280R

      cert contains the following in the cdp:
      URL=file://\\DC\CRL\entrust_ca_crlfile.crl
      Directory Address: CN=CRL1, O=entrust,C=ca

      When trying to import this cert into a keystore using Java 1.6.0_17 on Solaris, an exception is reported:

      bash-2.05# keytool -importcert -file cacert.crt -keystore parthy1.keystore
      Enter keystore password:
      Owner: O=entrust, C=ca
      Issuer: O=entrust, C=ca
      Serial number: 481b478c
      Valid from: Fri May 02 12:25:41 EDT 2008 until: Tue May 02 12:55:41 EDT 2028
      Certificate fingerprints:
      MD5: 42:15:6A:37:A0:CD:17:B9:DE:DD:AF:F2:0D:E1:DB:9D
      SHA1: 81:C8:C4:9F:31:4A:5B:EF:A6:3B:3A:C3:96:D4:CA:F8:BE:A1:4E:E6
      Signature algorithm name: SHA1withRSA
      Version: 3

      Extensions:

      #1: ObjectId: 2.5.29.16 Criticality=false
      PrivateKeyUsage: [
      From: Fri May 02 12:25:41 EDT 2008, To: Tue May 02 12:55:41 EDT 2028]

      #2: ObjectId: 2.5.29.15 Criticality=false
      KeyUsage [
      Key_CertSign
      Crl_Sign
      ]

      #3: ObjectId: 2.5.29.14 Criticality=false
      SubjectKeyIdentifier [
      KeyIdentifier [
      0000: 02 50 78 CA 1D 6D 42 E5 AA B5 CA 34 85 A1 E1 0B .Px..mB....4....
      0010: E5 4F 55 66 .OUf
      ]
      ]

      #4: ObjectId: 1.2.840.113533.7.65.0 Criticality=false

      #5: ObjectId: 2.5.29.31 Criticality=false
      Unparseable CRLDistributionPoints extension due to
      java.io.IOException: invalid URI name:file://\\DC\CRL\entrust_ca_crlfile.crl

      0000: 30 66 30 36 A0 34 A0 32 A4 30 30 2E 31 0B 30 09 0f06.4.2.00.1.0.
      0010: 06 03 55 04 06 13 02 63 61 31 10 30 0E 06 03 55 ..U....ca1.0...U
      0020: 04 0A 13 07 65 6E 74 72 75 73 74 31 0D 30 0B 06 ....entrust1.0..
      0030: 03 55 04 03 13 04 43 52 4C 31 30 2C A0 2A A0 28 .U....CRL10,.*.(
      0040: 86 26 66 69 6C 65 3A 2F 2F 5C 5C 44 43 5C 43 52 .&file://\\DC\CR
      0050: 4C 5C 65 6E 74 72 75 73 74 5F 63 61 5F 63 72 6C L\entrust_ca_crl
      0060: 66 69 6C 65 2E 63 72 6C file.crl

      #6: ObjectId: 2.5.29.19 Criticality=false
      BasicConstraints:[
      CA:true
      PathLen:2147483647
      ]

      #7: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
      NetscapeCertType [
      SSL CA
      S/MIME CA
      Object Signing CA]

      #8: ObjectId: 2.5.29.35 Criticality=false
      AuthorityKeyIdentifier [
      KeyIdentifier [
      0000: 02 50 78 CA 1D 6D 42 E5 AA B5 CA 34 85 A1 E1 0B .Px..mB....4....
      0010: E5 4F 55 66 .OUf
      ]

      ]

      Trust this certificate? [no]: yes
      Certificate was added to keystore


       "file://\\DC\CRL\entrust_ca_crlfile.crl" is not a valid URI due to the '\' characters.
       However, the same cert imports without the exception if Java 1.6 on Windows is used.
      There seems to be a discrepancy here.

      Moreover, the main reason to have multiple CDPs in a certificate is for redundancy.
      If a particular CDP in a certificate is invalid, then it should be skipped till
      at least one CDP can be validated.

            juh Jason Uh (Inactive)
            tyao Ting-Yun Ingrid Yao (Inactive)
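The skip-and-continue handling the report asks for, as an added Python example (not JDK or keytool code): it walks the CRLDistributionPoints bytes copied from the hex dump above and judges each name on its own instead of rejecting the whole extension. The names `tlvs`, `usable_cdps` and `URI_OK` are hypothetical, and `URI_OK` is a simplified RFC 3986 character check assumed for illustration.

```python
import re

# Bytes of extension 2.5.29.31 exactly as shown in the keytool hex dump above.
CDP_DER = bytes.fromhex(
    "30663036a034a032a430302e310b3009"
    "0603550406130263613110300e060355"
    "040a1307656e7472757374310d300b06"
    "03550403130443524c31302ca02aa028"
    "862666696c653a2f2f5c5c44435c4352"
    "4c5c656e74727573745f63615f63726c"
    "66696c652e63726c"
)

# Simplified RFC 3986 check (assumption: a scheme, then only allowed characters).
URI_OK = re.compile(r"[A-Za-z][A-Za-z0-9+.-]*:[A-Za-z0-9._~:/?#\[\]@!$&'()*+,;=%-]*")

def tlvs(buf):
    """Yield (tag, value) for each DER element in buf (single-byte tags)."""
    i = 0
    while i < len(buf):
        tag, length = buf[i], buf[i + 1]
        i += 2
        if length & 0x80:                      # long-form length
            n = length & 0x7F
            length = int.from_bytes(buf[i:i + n], "big")
            i += n
        if i + length > len(buf):
            raise ValueError("truncated DER element")
        yield tag, buf[i:i + length]
        i += length

def usable_cdps(ext):
    """Return (usable, skipped) names, judging each distribution point on its own."""
    usable, skipped = [], []
    (_, points), = tlvs(ext)                   # outer SEQUENCE OF DistributionPoint
    for _, point in tlvs(points):
        for tag, field in tlvs(point):
            if tag != 0xA0:                    # only distributionPoint [0]
                continue
            for ntag, names in tlvs(field):
                if ntag != 0xA0:               # only fullName [0]
                    continue
                for gtag, val in tlvs(names):
                    if gtag == 0x86:           # uniformResourceIdentifier [6]
                        uri = val.decode("ascii", "replace")
                        (usable if URI_OK.fullmatch(uri) else skipped).append(("URI", uri))
                    elif gtag == 0xA4:         # directoryName [4], kept as raw DER
                        usable.append(("directoryName", val))
    return usable, skipped
```

Run on the dump above, the directory-address distribution point stays usable while the backslash `file:` URI lands in the skipped list, so the certificate still carries one CDP a validator could act on.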