堆栈内存溢出
  简体   繁体   English

如果我将计算机上的时钟提前,签名的 Java 小程序将不再在任何浏览器中运行

[英]Signed java applet no longer works in any browser if I set the clock ahead on my computer

 原文  2015-01-06 22:36:53       java/ security/ applet/ certificate

问题描述

I have a Java Applet (for a browser) signed and timestamped with a valid Code Signing Certificate from GoDaddy.我有一个 Java Applet(用于浏览器),使用来自 GoDaddy 的有效代码签名证书进行签名和时间戳。 The code signing certificate itself expires in a few weeks.代码签名证书本身将在几周后到期。 Everything I've read says that the applet will still be valid after the Code Signing Certificate expires:我读过的所有内容都表明小程序在代码签名证书到期后仍然有效:

From here :这里

If a timestamp is discovered, then the code signature is valid until the end of time, as long as the code remains unchanged如果发现时间戳,则代码签名一直有效,直到时间结束,只要代码保持不变

I would like to verify this is actually true though.我想验证这实际上是真的。 If I change my computer's clock settings to a later date, past when the certificate expires, I get the following Java Exception in IE, Firefox and Chrome:如果我将计算机的时钟设置更改为以后的日期,超过证书过期时间,我会在 IE、Firefox 和 Chrome 中收到以下 Java 异常:

java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Response is unreliable: its validity interval is out-of-date java.security.cert.CertificateException:java.security.cert.CertPathValidatorException:响应不可靠:其有效期间隔已过时

Does this mean that the applet will actually fail in a few weeks when the Code Signing Certificate expires, or is this test of changing my computer clock just invalid?这是否意味着当代码签名证书到期时,小程序实际上会在几周内失败,还是这种更改计算机时钟的测试无效? Any references either way?任何参考方法?

3 个解决方案

解决方案1
 3 已采纳  2015-04-17 21:24:22

The code Signing Certificate has expired several months ago now, and I can confirm everything is still working fine. 代码签名证书已经在几个月前到期,我可以确认一切仍然正常。 The Java popup that comes up (the first time visiting the site) says: "The web site's certificate has been verified." 出现的Java弹出窗口(第一次访问该网站)说:“该网站的证书已通过验证。”

Changing the local timestamp wasn't a valid test of this after all. 毕竟,更改本地时间戳不是有效的测试。

解决方案2
 1  2017-02-10 17:31:42

As @Gabriel pointed out in a comment to the original question the problem you experienced was due to revocation checking. 正如@Gabriel在对原始问题的评论中指出的那样,您遇到的问题是由于吊销检查。

I experienced this while testing with safari, and worked around it by configuring java to allow certificates to be trusted even if revocation status could not be verified, and not to check for certificate revocation. 我在使用Safari进行测试时遇到了这种情况,并通过配置java来解决该问题,即使在无法验证吊销状态的情况下,该证书也可以被信任,并且不检查证书吊销。

See the following screen shots from the java console. 请从Java控制台查看以下屏幕截图。

即使无法验证吊销状态也要信任 禁用吊销检查

解决方案3
 0  2021-10-21 04:50:52

尝试在您的设备上设置正确的日期它应该可以工作

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Java签名的小程序无法在浏览器上运行 - Java Signed Applet Not Working on Browser Java Applet可在IDE中使用,但不能在浏览器中使用 - Java applet works in IDE, but not in browser 在浏览器中调试java applet - 在Eclipse中工作但不在浏览器中工作 - Debugging java applet in browser - works in Eclipse but not browser Java Applet仅在我的计算机上工作吗? - Java Applet work only on my computer? Java 8安全性阻止了存储在计算机上的小程序 - Java 8 Security blocking the applet stored on my computer 如果我创建一个签名的Java小程序,我可以在我想要的任何域上托管它吗? - If I create a signed Java applet, can I host it on any domain I want? Java Clock Applet - Java Clock Applet 我的Java小程序中有任何错误吗? - Are there any errors in my java applet? 如何获得Java Applet签名? - How do I get a java applet signed? 将解析器添加到充当Web浏览器的Java小程序中 - adding a parser to a java applet that works as a web browser
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM