J2SE Version:

    java version "1.6.0_17"
    Java(TM) SE Runtime Environment (build 1.6.0_17-b04)
    Java HotSpot(TM) Server VM (build 14.3-b01, mixed mode)

Operating System Configuration Information:

    SunOS sottecsweb 5.9 Generic_122300-28 sun4u sparc SUNW,Sun-Fire-280R

The cert contains the following in the CDP:

    URL=file://\\DC\CRL\entrust_ca_crlfile.crl
    Directory Address: CN=CRL1, O=entrust,C=ca

When I try to import this cert into a keystore using Java 1.6.0_17 on Solaris, I get an exception:

    bash-2.05# keytool -importcert -file cacert.crt -keystore parthy1.keystore
    Enter keystore password:
    Owner: O=entrust, C=ca
    Issuer: O=entrust, C=ca
    Serial number: 481b478c
    Valid from: Fri May 02 12:25:41 EDT 2008 until: Tue May 02 12:55:41 EDT 2028
    Certificate fingerprints:
        MD5: 42:15:6A:37:A0:CD:17:B9:DE:DD:AF:F2:0D:E1:DB:9D
        SHA1: 81:C8:C4:9F:31:4A:5B:EF:A6:3B:3A:C3:96:D4:CA:F8:BE:A1:4E:E6
        Signature algorithm name: SHA1withRSA
        Version: 3

    Extensions:

    #1: ObjectId: 2.5.29.16 Criticality=false
    PrivateKeyUsage: [
    From: Fri May 02 12:25:41 EDT 2008, To: Tue May 02 12:55:41 EDT 2028]

    #2: ObjectId: 2.5.29.15 Criticality=false
    KeyUsage [
      Key_CertSign
      Crl_Sign
    ]

    #3: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: 02 50 78 CA 1D 6D 42 E5 AA B5 CA 34 85 A1 E1 0B  .Px..mB....4....
    0010: E5 4F 55 66                                      .OUf
    ]
    ]

    #4: ObjectId: 1.2.840.113533.7.65.0 Criticality=false

    #5: ObjectId: 2.5.29.31 Criticality=false
    Unparseable CRLDistributionPoints extension due to
    java.io.IOException: invalid URI name:file://\\DC\CRL\entrust_ca_crlfile.crl

    0000: 30 66 30 36 A0 34 A0 32 A4 30 30 2E 31 0B 30 09  0f06.4.2.00.1.0.
    0010: 06 03 55 04 06 13 02 63 61 31 10 30 0E 06 03 55  ..U....ca1.0...U
    0020: 04 0A 13 07 65 6E 74 72 75 73 74 31 0D 30 0B 06  ....entrust1.0..
    0030: 03 55 04 03 13 04 43 52 4C 31 30 2C A0 2A A0 28  .U....CRL10,.*.(
    0040: 86 26 66 69 6C 65 3A 2F 2F 5C 5C 44 43 5C 43 52  .&file://\\DC\CR
    0050: 4C 5C 65 6E 74 72 75 73 74 5F 63 61 5F 63 72 6C  L\entrust_ca_crl
    0060: 66 69 6C 65 2E 63 72 6C                          file.crl

    #6: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
      CA:true
      PathLen:2147483647
    ]

    #7: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
    NetscapeCertType [
       SSL CA
       S/MIME CA
       Object Signing CA]

    #8: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: 02 50 78 CA 1D 6D 42 E5 AA B5 CA 34 85 A1 E1 0B  .Px..mB....4....
    0010: E5 4F 55 66                                      .OUf
    ]
    ]

    Trust this certificate? [no]: yes
    Certificate was added to keystore

"file://\\DC\CRL\entrust_ca_crlfile.crl" is not a valid URI due to '\' characters. However, the same cert imports without the exception if Java 1.6 on Windows is used. There seems to be a discrepancy here.

Moreover, the main reason to have multiple CDPs in a certificate is for redundancy. If a particular CDP in a certificate is invalid, then it should be skipped till at least one CDP can be validated.
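Added example, not part of the original report and not JDK code: a small Java program that walks the CRLDistributionPoints bytes from the hex dump above one name at a time, so the directory name and the URI that java.net.URI rejects are each reported and skipped instead of the whole extension becoming unparseable. The class and method names are hypothetical, and HexFormat assumes Java 17 or later.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.util.*;

public class LenientCdp {
    // Value of extension 2.5.29.31, copied from the keytool hex dump in the report.
    static final String EXT_HEX =
        "30663036A034A032A430302E310B3009" + "0603550406130263613110300E060355"
      + "040A1307656E7472757374310D300B06" + "03550403130443524C31302CA02AA028"
      + "862666696C653A2F2F5C5C44435C4352" + "4C5C656E74727573745F63615F63726C"
      + "66696C652E63726C";
    // Reads the DER TLV at off, bounded by end; returns {tag, contentStart, contentEnd}.
    static int[] tlv(byte[] d, int off, int end) {
        if (end - off < 2) throw new IllegalArgumentException("truncated DER");
        int tag = d[off] & 0xFF, len = d[off + 1] & 0xFF, p = off + 2;
        if (len > 0x7F) {                                   // long-form length
            int n = len & 0x7F;
            if (n == 0 || n > 3 || n > end - p) throw new IllegalArgumentException("bad length");
            for (len = 0; n > 0; n--) len = (len << 8) | (d[p++] & 0xFF);
        }
        if (len > end - p) throw new IllegalArgumentException("truncated DER");
        return new int[] { tag, p, p + len };
    }
    // Walks every DistributionPoint; a name this example cannot use is reported and skipped.
    static List<String> parse(byte[] ext) {
        List<String> out = new ArrayList<>();
        int[] seq = tlv(ext, 0, ext.length);                // SEQUENCE OF DistributionPoint
        for (int p = seq[1]; p < seq[2]; ) {
            int[] dp = tlv(ext, p, seq[2]);                 // DistributionPoint
            p = dp[2];
            int[] name = dp[1] < dp[2] ? tlv(ext, dp[1], dp[2]) : null;   // [0] distributionPoint
            int[] full = name != null && name[0] == 0xA0 ? tlv(ext, name[1], name[2]) : null;
            if (full == null || full[0] != 0xA0) { out.add("SKIP: no fullName"); continue; }
            for (int q = full[1]; q < full[2]; ) {
                int[] gn = tlv(ext, q, full[2]);            // one GeneralName
                q = gn[2];
                if (gn[0] != 0x86) { out.add("SKIP: non-URI name, tag 0x" + Integer.toHexString(gn[0])); continue; }
                String s = new String(ext, gn[1], gn[2] - gn[1], StandardCharsets.US_ASCII);
                try { out.add("OK: " + new URI(s)); }       // [6] uniformResourceIdentifier
                catch (URISyntaxException e) { out.add("SKIP: " + s + " (" + e.getReason() + ")"); }
            }
        }
        return out;
    }
    public static void main(String[] args) {
        parse(HexFormat.of().parseHex(EXT_HEX)).forEach(System.out::println);
    }
}
```

Structural DER errors still raise an exception; only an individual name that is not a usable URI is skipped.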