This is how I provide my CDP in my configuration file:

crlDistributionPoints = crldp
[ crldp ] 
fullname=URI:http://hq.teliot.dex/crl/root.crl
CRLissuer=dirName:issuer_sect
reasons=keyCompromise, CACompromise

This is the error, which I think is the root cause in making my MS subordinate CA.

certutil -f -urlfetch -verify C:\Users\Administrator\Desktop\root.cer
---CLIP----
 ----------------  Certificate AIA  ----------------
  No URLs "None" Time: 0 (null)
  ----------------  Certificate CDP  ----------------
  No URLs "None" Time: 0 (null)
  ----------------  Certificate OCSP  ----------------
  No URLs "None" Time: 0 (null)
  --------------------------------

Exclude leaf cert:
  Chain: da39a3ee5e6b4b0d3255bfef95601890afd80709
Full chain:
  Chain: 19d2daa652f34cf61e2872e54aae90b23458fc1a
------------------------------------
Verified Issuance Policies: All
Verified Application Policies: All
Cert is a CA certificate
Cannot check leaf certificate revocation status
CertUtil: -verify command completed successfully.

This is the certificate:


The CRL itself is fine when I query it separately from certutil with -URL.
