Форум КриптоПро
»
Средства криптографической защиты информации
»
КриптоПро JCP, JavaTLS
»
Невозможность проверки на отозванность Could not determine revocation status
Статус: Участник
Группы: Участники
Зарегистрирован: 11.08.2015(UTC) Сообщений: 19  Откуда: Екатеринбург Сказал(а) «Спасибо»: 4 раз
|
Коллеги, добрый вечер! Подскажите, пожалуйста, есть квалифицированный сертификат пользователя, выданный ЕЭТП. 1. Ниже тестовая строка и подпись (  string1.zip (4kb) загружен 5 раз(а).) данным сертификатом. При попытке выполнить проверку в КритоАРМ у себя локально на машине выдается такое (см. рис.). На чей стороне проблема и куда обращаться? В УЦ ЕЭТП утверждают, что все CRL доступны. 2. Собственно также мы в своей системе на сервере пытаемся посредством серверного КрипроПро JCP проверять, НО получаем ошибку: Код:апр 24, 2017 9:50:42 PM ru.CryptoPro.reprov.certpath.URICertStore engineGetCRLs
WARNING: Exception fetching CRL:
java.security.cert.CRLException: Empty input
at sun.security.provider.X509Factory.engineGenerateCRL(X509Factory.java:395)
at java.security.cert.CertificateFactory.generateCRL(CertificateFactory.java:497)
at ru.CryptoPro.reprov.certpath.URICertStore.engineGetCRLs(Unknown Source)
at java.security.cert.CertStore.getCRLs(CertStore.java:181)
at ru.CryptoPro.reprov.certpath.DistributionPointFetcher.a(Unknown Source)
at ru.CryptoPro.reprov.certpath.DistributionPointFetcher.a(Unknown Source)
at ru.CryptoPro.reprov.certpath.DistributionPointFetcher.a(Unknown Source)
at ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a(Unknown Source)
at ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a(Unknown Source)
at ru.CryptoPro.reprov.certpath.CrlRevocationChecker.check(Unknown Source)
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:219)
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:140)
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:79)
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)
at ru.CryptoPro.reprov.CPCertPathValidator.engineValidate(Unknown Source)
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)
at ru.CryptoPro.CAdES.b.d.a.a(Unknown Source)
at ru.CryptoPro.CAdES.b.d.a.a(Unknown Source)
at ru.CryptoPro.CAdES.CAdESSigner.a(Unknown Source)
at ru.CryptoPro.CAdES.CAdESSignature.a(Unknown Source)
at ru.CryptoPro.CAdES.CAdESSignature.verify(Unknown Source)
at ru.naumen.etp.crypto.jcp.JCPUtils.verifyCAdES(JCPUtils.java:247)
at ru.naumen.etp.notifier.VerifyEdsServlet.doPost(VerifyEdsServlet.java:54)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:643)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:723)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:652)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at org.apache.coyote.http11.Http11NioProcessor.process(Http11NioProcessor.java:891)
at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:760)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:2290)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
апр 24, 2017 9:50:57 PM ru.CryptoPro.reprov.certpath.URICertStore engineGetCRLs
WARNING: Exception fetching CRL:
java.net.SocketTimeoutException: connect timed out
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:589)
at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
at sun.net.www.http.HttpClient.<init>(HttpClient.java:211)
at sun.net.www.http.HttpClient.New(HttpClient.java:308)
at sun.net.www.http.HttpClient.New(HttpClient.java:326)
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:1169)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1105)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:999)
at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:933)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1513)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)
at ru.CryptoPro.reprov.certpath.URICertStore.engineGetCRLs(Unknown Source)
at java.security.cert.CertStore.getCRLs(CertStore.java:181)
at ru.CryptoPro.reprov.certpath.DistributionPointFetcher.a(Unknown Source)
at ru.CryptoPro.reprov.certpath.DistributionPointFetcher.a(Unknown Source)
at ru.CryptoPro.reprov.certpath.DistributionPointFetcher.a(Unknown Source)
at ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a(Unknown Source)
at ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a(Unknown Source)
at ru.CryptoPro.reprov.certpath.CrlRevocationChecker.check(Unknown Source)
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:219)
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:140)
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:79)
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)
at ru.CryptoPro.reprov.CPCertPathValidator.engineValidate(Unknown Source)
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)
at ru.CryptoPro.CAdES.b.d.a.a(Unknown Source)
at ru.CryptoPro.CAdES.b.d.a.a(Unknown Source)
at ru.CryptoPro.CAdES.CAdESSigner.a(Unknown Source)
at ru.CryptoPro.CAdES.CAdESSignature.a(Unknown Source)
at ru.CryptoPro.CAdES.CAdESSignature.verify(Unknown Source)
at ru.naumen.etp.crypto.jcp.JCPUtils.verifyCAdES(JCPUtils.java:247)
at ru.naumen.etp.notifier.VerifyEdsServlet.doPost(VerifyEdsServlet.java:54)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:643)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:723)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:652)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at org.apache.coyote.http11.Http11NioProcessor.process(Http11NioProcessor.java:891)
at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:760)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:2290)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
апр 24, 2017 9:50:57 PM ru.CryptoPro.reprov.certpath.URICertStore engineGetCRLs
WARNING: Exception fetching CRL:
java.security.cert.CRLException: Empty input
at sun.security.provider.X509Factory.engineGenerateCRL(X509Factory.java:395)
at java.security.cert.CertificateFactory.generateCRL(CertificateFactory.java:497)
at ru.CryptoPro.reprov.certpath.URICertStore.engineGetCRLs(Unknown Source)
at java.security.cert.CertStore.getCRLs(CertStore.java:181)
at ru.CryptoPro.reprov.certpath.DistributionPointFetcher.a(Unknown Source)
at ru.CryptoPro.reprov.certpath.DistributionPointFetcher.a(Unknown Source)
at ru.CryptoPro.reprov.certpath.DistributionPointFetcher.a(Unknown Source)
at ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a(Unknown Source)
at ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a(Unknown Source)
at ru.CryptoPro.reprov.certpath.CrlRevocationChecker.check(Unknown Source)
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:219)
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:140)
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:79)
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)
at ru.CryptoPro.reprov.CPCertPathValidator.engineValidate(Unknown Source)
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)
at ru.CryptoPro.CAdES.b.d.a.a(Unknown Source)
at ru.CryptoPro.CAdES.b.d.a.a(Unknown Source)
at ru.CryptoPro.CAdES.CAdESSigner.a(Unknown Source)
at ru.CryptoPro.CAdES.CAdESSignature.a(Unknown Source)
at ru.CryptoPro.CAdES.CAdESSignature.verify(Unknown Source)
at ru.naumen.etp.crypto.jcp.JCPUtils.verifyCAdES(JCPUtils.java:247)
at ru.naumen.etp.notifier.VerifyEdsServlet.doPost(VerifyEdsServlet.java:54)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:643)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:723)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:652)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at org.apache.coyote.http11.Http11NioProcessor.process(Http11NioProcessor.java:891)
at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:760)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:2290)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
апр 24, 2017 9:50:57 PM ru.CryptoPro.CAdES.b.d.a a
WARNING: ERROR
java.security.cert.CertPathValidatorException: Could not determine revocation status: unable to find valid certification path to requested target
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135)
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:219)
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:140)
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:79)
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)
at ru.CryptoPro.reprov.CPCertPathValidator.engineValidate(Unknown Source)
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)
at ru.CryptoPro.CAdES.b.d.a.a(Unknown Source)
at ru.CryptoPro.CAdES.b.d.a.a(Unknown Source)
at ru.CryptoPro.CAdES.CAdESSigner.a(Unknown Source)
at ru.CryptoPro.CAdES.CAdESSignature.a(Unknown Source)
at ru.CryptoPro.CAdES.CAdESSignature.verify(Unknown Source)
at ru.naumen.etp.crypto.jcp.JCPUtils.verifyCAdES(JCPUtils.java:247)
at ru.naumen.etp.notifier.VerifyEdsServlet.doPost(VerifyEdsServlet.java:54)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:643)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:723)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:652)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at org.apache.coyote.http11.Http11NioProcessor.process(Http11NioProcessor.java:891)
at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:760)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:2290)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a(Unknown Source)
at ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a(Unknown Source)
at ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a(Unknown Source)
at ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a(Unknown Source)
at ru.CryptoPro.reprov.certpath.CrlRevocationChecker.check(Unknown Source)
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
... 30 more
апр 24, 2017 9:50:57 PM ru.CryptoPro.CAdES.exception.CAdESException <init>
SEVERE: Invalid certificate chain
|
|
|
|
|
|
Статус: Сотрудник
Группы: Участники
Зарегистрирован: 06.12.2008(UTC) Сообщений: 4,003 Откуда: Крипто-Про Сказал(а) «Спасибо»: 21 раз
Поблагодарили: 714 раз в 674 постах
|
Здравствуйте.
Можете приложить проблемный сертификат?
Известно, какое ПО установлено в УЦ ЕЭТП? |
|
|
|
|
|
|
Форум КриптоПро
»
Средства криптографической защиты информации
»
КриптоПро JCP, JavaTLS
»
Невозможность проверки на отозванность Could not determine revocation status
Быстрый переход
Вы не можете создавать новые темы в этом форуме.
Вы не можете отвечать в этом форуме.
Вы не можете удалять Ваши сообщения в этом форуме.
Вы не можете редактировать Ваши сообщения в этом форуме.
Вы не можете создавать опросы в этом форуме.
Вы не можете голосовать в этом форуме.
Important Information:
The Форум КриптоПро uses cookies. By continuing to browse this site, you are agreeing to our use of cookies.
More Details
Close
