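We have run into the following problem. Can anyone help?
On some PCs, when users visit a website signed by my company's CA, IE shows the untrusted certificate page. But the certificate has already been imported into the IE trusted roots.
After unchecking "Check for server certificate revocation", the warning page no longer appears.
We verified the certificate with certutil; the output is below.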
certutil -verify -urlfetch test.cert
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000)
HCCE_LOCAL_MACHINE
CERT_CHAIN_POLICY_BASE
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
ChainContext.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20)
SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
SimpleChain.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20)
CertContext[0][0]: dwInfoStatus=10a dwErrorStatus=20
Issuer: O=MyCompany Root CA, C=US
Subject: O=MyCompany Root CA, C=US
Serial:
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
Element.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20)
---------------- Certificate AIA ----------------
No URLs "None" Time: 0
---------------- Certificate CDP ----------------
319.1862.0: 0x8007006e (WIN32: 110): ldap:///CN=CRL1, O=MyCompany Root CA, C=US?certificateRevocationList;binary,authorityRevocationList;binary,deltaRevocationList;binary
319.1862.0: 0x8007003a (WIN32: 58): ldap://dc.mycompany.com/o=mycompany%20CA1,c=US?certificateRevocationList;binary
Failed "CDP" Time: 0
Error retrieving URL: The system cannot open the device or file specified. 0x8007006e (WIN32: 110)
ldap:///CN=CRL1, O=MyCompany Root CA, C=US?certificateRevocationList;binary,authorityRevocationList;binary,deltaRevocationList;binary
Failed "CDP" Time: 0
Error retrieving URL: The specified server cannot perform the requested operation. 0x8007003a (WIN32: 58)
ldap://dc.mycompany.com/o=mycompany%20CA1,c=US?certificateRevocationList;binary
Verified "Base CRL (2419)" Time: 1
[2.0] http://dc.mycompany.com/CombinedCDP/CRL.crl"
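
To make output like the above easier to triage across several PCs, the following added example (not part of the original post) parses the AIA/CDP portion of `certutil -verify -urlfetch` output and groups the failed retrievals by URL scheme. It assumes the line layout seen in the output above; the function names are hypothetical, and the sample is copied from the post with the two `319.1862.0:` trace lines omitted.

```python
import re

# Sample: AIA/CDP part of the certutil output quoted in the post above.
SAMPLE = '''\
---------------- Certificate AIA ----------------
No URLs "None" Time: 0
---------------- Certificate CDP ----------------
Failed "CDP" Time: 0
Error retrieving URL: The system cannot open the device or file specified. 0x8007006e (WIN32: 110)
ldap:///CN=CRL1, O=MyCompany Root CA, C=US?certificateRevocationList;binary,authorityRevocationList;binary,deltaRevocationList;binary
Failed "CDP" Time: 0
Error retrieving URL: The specified server cannot perform the requested operation. 0x8007003a (WIN32: 58)
ldap://dc.mycompany.com/o=mycompany%20CA1,c=US?certificateRevocationList;binary
Verified "Base CRL (2419)" Time: 1
[2.0] http://dc.mycompany.com/CombinedCDP/CRL.crl"
'''

# Line shapes assumed from the output above (not from any certutil specification).
SECTION = re.compile(r'^-+ Certificate (\w+) -+$')
STATUS = re.compile(r'^(Failed|Verified|No URLs) "([^"]*)" Time: \d+$')
ERROR = re.compile(r'^Error retrieving URL: .*?(0x[0-9a-fA-F]{8}) \(WIN32: (\d+)\)$')
URL = re.compile(r'^(?:\[\d+\.\d+\] )?((ldap|https?|file)://\S.*?)"?$')

def parse_urlfetch(text):
    """Return one dict per retrieval attempt found in the AIA/CDP sections."""
    results, section, cur = [], None, None
    for line in (l.strip() for l in text.splitlines()):
        if m := SECTION.match(line):
            section, cur = m.group(1), None
        elif section and (m := STATUS.match(line)):
            cur = {"section": section, "status": m.group(1), "item": m.group(2),
                   "hresult": None, "win32": None, "url": None, "scheme": None}
            results.append(cur)
        elif cur and (m := ERROR.match(line)):
            cur["hresult"], cur["win32"] = m.group(1), int(m.group(2))
        elif cur and cur["url"] is None and (m := URL.match(line)):
            cur["url"], cur["scheme"] = m.group(1), m.group(2)
    return results

def failed_by_scheme(results):
    """Group failed retrievals as {scheme: [(win32_code, url), ...]}."""
    out = {}
    for r in results:
        if r["status"] == "Failed":
            out.setdefault(r["scheme"], []).append((r["win32"], r["url"]))
    return out

if __name__ == "__main__":
    for scheme, items in failed_by_scheme(parse_urlfetch(SAMPLE)).items():
        print(scheme, items)
```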