问题
We coded a java applet and signed it through a Certificate Authority, Entrust. When the applet is deployed through any browser, we can see in java console logs that a request is made to the CA:
network: Connecting http://ocsp.entrust.net/ with proxy=DIRECT
security: OCSP Response: GOOD
However, our client has some computers in an intranet without internet connection.
So, is there a way to avoid any internet request to CA server?
回答1:
You will find this option from Java Control Panel >> Advanced tab
Perform Certificate revocation checks on: Publishers certificate only; All certificates in the chain of trust (default and recommended); Do not check (not recommended)
http://www.java.com/en/download/help/revocation_options.xml
However, you will have to change it for each computer in the intranet.
来源:https://stackoverflow.com/questions/19498410/is-internet-access-needed-for-ca-signed-applet