我们遇到以下问题,有人可以帮忙吗?
在某些PC上,当用户访问我公司CA签名的网站时,IE会显示不受信任的证书页面。 但是证书已经导入到IE Trust Root
取消选中“检查服务器证书吊销”,则没有警告页面。
要使用 certutil 验证证书,下面是消息。
certutil -verify -urlfetch test.cert
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000)
HCCE_LOCAL_MACHINE
CERT_CHAIN_POLICY_BASE
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
ChainContext.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20)
SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
SimpleChain.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20)
CertContext[0][0]: dwInfoStatus=10a dwErrorStatus=20
Issuer: O=MyCompany Root CA, C=US
Subject: O=MyCompany Root CA, C=US
Serial:
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
Element.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20)
---------------- Certificate AIA ----------------
No URLs "None" Time: 0
---------------- Certificate CDP ----------------
319.1862.0: 0x8007006e (WIN32: 110): ldap:///CN=CRL1, O=MyCompany Root CA, C=US?certificateRevocationList;binary,authorityRevocationList;binary,deltaRevocationList;binary
319.1862.0: 0x8007003a (WIN32: 58): ldap://dc.mycompany.com/o=mycompany%20CA1,c=US?certificateRevocationList;binary
Failed "CDP" Time: 0
Error retrieving URL: The system cannot open the device or file specified. 0x8007006e (WIN32: 110)
ldap:///CN=CRL1, O=MyCompany Root CA, C=US?certificateRevocationList;binary,authorityRevocationList;binary,deltaRevocationList;binary
Failed "CDP" Time: 0
Error retrieving URL: The specified server cannot perform the requested operation. 0x8007003a (WIN32: 58)
ldap://dc.mycompany.com/o=mycompany%20CA1,c=US?certificateRevocationList;binary
Verified "Base CRL (2419)" Time: 1
[2.0] http://dc.mycompany.com/CombinedCDP/CRL.crl"
最佳答案
我遇到了同样的问题。在本地计算机上安装根证书 > 受信任的根证书颁发机构解决了我的问题。 不需要在当前用户 > 受信任的根证书颁发机构中安装根证书。
关于internet-explorer - 使用在 IE Trusted Root 中导入的证书不信任 Root CA,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/16976745/