Hello,
I'm developing a web application that uses applets signed with a certificate issued by the customer CA. That certificate contains a URL to a CRL Distribution Point that does not define the host and port. The certificate attributes "CRL Distribution Points" and "Authority Information Access" contain a URL similar to "ldap:///CN=my-cn...".
The log files generated by the Certificate Revocation-Checking API (C:\Users\[my_user]\AppData\LocalLow\Sun\Java\Deployment\log) indicate that the values "localhost" and "389" are being used for host and port.
...
certpath: DistributionPointFetcher.getCRLs: Checking CRLDPs for CN=xxx, O=yyy, L=zzz, C=PT
certpath: Trying to fetch CRL from DP ldap:///CN=_my-cn_?certificateRevocationList?base?objectClass=cRLDistributionPoint
certpath: CertStore URI:ldap:///CN=_my-cn_?certificateRevocationList?base?objectClass=cRLDistributionPoint
...
network: Connecting http://localhost:389/ with proxy=DIRECT
...
certpath: LDAPCertStore.engineInit about to throw InvalidAlgorithmParameterException
javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused: connect]
    at com.sun.jndi.ldap.Connection.<init>(Unknown Source)
...
Can you confirm that the host is mandatory and that otherwise the default value "localhost" is used?
I read in the LDAP RFC (http://www.ietf.org/rfc/rfc4516.txt) that if the "host" field is not present, the client must have some a priori knowledge of an appropriate LDAP server to contact. Is it possible to configure the "host" attribute?
I'm using the JRE version 1.7.0_45 (build 1.7.0_45-b18).
Best regards,
Telmo Simões
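
Added example, not part of the original post: a Java check that splits a CRL distribution point URL along the RFC 4516 layout and reports when it names no host, the condition the log above shows ending in a connection attempt to localhost:389. The class name, the `check` method and the sample URLs are constructed for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.List;

/** Flags LDAP CRL distribution point URLs that do not say which server to contact. */
public class CrlDpUrlCheck {

    /** Returns the problems found in one URL; an empty list means nothing was flagged. */
    static List<String> check(String url) throws URISyntaxException {
        List<String> problems = new ArrayList<String>();
        URI uri = new URI(url);
        String scheme = uri.getScheme();
        if (scheme == null
                || !(scheme.equalsIgnoreCase("ldap") || scheme.equalsIgnoreCase("ldaps"))) {
            return problems; // only LDAP URLs are examined here
        }
        // RFC 4516 layout: ldap://[host[:port]]/dn?attributes?scope?filter
        // For "ldap:///..." the authority is empty, so getHost() is null and getPort() is -1.
        if (uri.getHost() == null) {
            problems.add("no host: the client needs a priori knowledge of the LDAP server");
        } else if (uri.getPort() == -1) {
            problems.add("no port: the client falls back to its default for the scheme");
        }
        String path = uri.getPath();
        if (path == null || path.length() <= 1) {
            problems.add("no DN: nothing identifies the entry holding the CRL");
        }
        // java.net.URI keeps everything after the first '?' as the query,
        // so the remaining RFC 4516 fields are split out by hand.
        String query = uri.getRawQuery();
        String[] fields = (query == null) ? new String[0] : query.split("\\?", -1);
        if (fields.length == 0 || fields[0].isEmpty()) {
            problems.add("no attribute list: certificateRevocationList is not requested");
        }
        return problems;
    }

    public static void main(String[] args) throws URISyntaxException {
        // Constructed sample URLs; the host name and DN are placeholders.
        String[] samples = {
            "ldap:///CN=example-ca?certificateRevocationList?base?objectClass=cRLDistributionPoint",
            "ldap://ldap.example.test:389/CN=example-ca?certificateRevocationList?base",
            "ldap://ldap.example.test/CN=example-ca"
        };
        for (String s : samples) {
            System.out.println(s + " -> " + check(s));
        }
    }
}
```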