Bug
Resolution: Not an Issue
P3
None
8u31
Submitter is having issues (certificate revocation check fails) making an SSL call when the issuer certificate has a CRL distribution point (CDP) with ldap:///CN... (i.e., a null LDAP server name):
i.e. the issuer certificate has a CDP with ldap:///CN...
Subject: CN=xxx.yyy.net, OU=XXX, OU=TTT, O=OOO, L=LLL, C=US
...
Issuer: CN=CDP Root CA, DC=ddd, DC=net
...
[5]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName:
http://certserverxx.corpxx.net/PKIRoot//CorpInternal Root CA.crl, URIName: ldap:///CN=AAA Root CA,CN=AAA,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,
DC=nsroot,
DC=net?certificateRevocationList?base?objectClass=cRLDistributionPoint]
]]
Java interprets the null LDAP server name as localhost, and the check fails because the client doesn't have an LDAP server running.
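An added example (not from the bug report or the JDK): a Python check that pulls the URIName entries out of a CRLDistributionPoints text dump like the one above and flags LDAP URIs with no server name, the form this report says Java treats as localhost. The sample dump is constructed from the report's redacted values, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample, modelled on the redacted CRLDistributionPoints dump in
# the report; the LDAP URI is wrapped across lines as it is in that dump.
SAMPLE_DUMP = """\
[5]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName:
http://certserverxx.corpxx.net/PKIRoot//CorpInternal Root CA.crl, URIName: ldap:///CN=AAA Root CA,CN=AAA,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,
DC=nsroot,
DC=net?certificateRevocationList?base?objectClass=cRLDistributionPoint]
]]
"""


def extract_cdp_uris(dump):
    """Return the URIName values found in a CRLDistributionPoints text dump."""
    uris = []
    # Each URI follows a "URIName:" marker; text before the first marker is header.
    for chunk in dump.split("URIName:")[1:]:
        # Re-join a URI that the dump wrapped across several lines.
        uri = "".join(line.strip() for line in chunk.splitlines())
        # Drop the ", " separator before the next entry and the closing brackets.
        uri = uri.rstrip("], ")
        if uri:
            uris.append(uri)
    return uris


def hostless_ldap_uris(uris):
    """Return the LDAP/LDAPS URIs whose authority part names no server."""
    flagged = []
    for uri in uris:
        parts = urlsplit(uri)
        # "ldap:///CN=..." parses with an empty netloc, so hostname is None.
        if parts.scheme.lower() in ("ldap", "ldaps") and not parts.hostname:
            flagged.append(uri)
    return flagged


if __name__ == "__main__":
    for uri in hostless_ldap_uris(extract_cdp_uris(SAMPLE_DUMP)):
        print("CDP with no LDAP server name:", uri)
```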