Ключевое слово в защите информации
КЛЮЧЕВОЕ СЛОВО
в защите информации
Получить ГОСТ TLS-сертификат для домена (SSL-сертификат)
Добро пожаловать, Гость! Чтобы использовать все возможности Вход или Регистрация.

Уведомление

Icon
Error

Опции
К последнему сообщению К первому непрочитанному
Offline scherepanov  
#1 Оставлено : 24 апреля 2017 г. 22:07:29(UTC)
scherepanov

Статус: Участник

Группы: Участники
Зарегистрирован: 11.08.2015(UTC)
Сообщений: 19
Российская Федерация
Откуда: Екатеринбург

Сказал(а) «Спасибо»: 4 раз
Коллеги, добрый вечер!

Подскажите, пожалуйста, есть квалифицированный сертификат пользователя, выданный ЕЭТП.

1. Ниже тестовая строка и подпись ( string1.zip (4kb) загружен 5 раз(а).) данным сертификатом. При попытке выполнить проверку в КритоАРМ у себя локально на машине выдается такое (см. рис.). На чей стороне проблема и куда обращаться? В УЦ ЕЭТП утверждают, что все CRL доступны.


2. Собственно также мы в своей системе на сервере пытаемся посредством серверного КрипроПро JCP проверять, НО получаем ошибку:

Код:
апр 24, 2017 9:50:42 PM ru.CryptoPro.reprov.certpath.URICertStore engineGetCRLs
WARNING: Exception fetching CRL:
java.security.cert.CRLException: Empty input
        at sun.security.provider.X509Factory.engineGenerateCRL(X509Factory.java:395)
        at java.security.cert.CertificateFactory.generateCRL(CertificateFactory.java:497)
        at ru.CryptoPro.reprov.certpath.URICertStore.engineGetCRLs(Unknown Source)
        at java.security.cert.CertStore.getCRLs(CertStore.java:181)
        at ru.CryptoPro.reprov.certpath.DistributionPointFetcher.a(Unknown Source)
        at ru.CryptoPro.reprov.certpath.DistributionPointFetcher.a(Unknown Source)
        at ru.CryptoPro.reprov.certpath.DistributionPointFetcher.a(Unknown Source)
        at ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a(Unknown Source)
        at ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a(Unknown Source)
        at ru.CryptoPro.reprov.certpath.CrlRevocationChecker.check(Unknown Source)
        at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
        at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:219)
        at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:140)
        at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:79)
        at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)
        at ru.CryptoPro.reprov.CPCertPathValidator.engineValidate(Unknown Source)
        at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)
        at ru.CryptoPro.CAdES.b.d.a.a(Unknown Source)
        at ru.CryptoPro.CAdES.b.d.a.a(Unknown Source)
        at ru.CryptoPro.CAdES.CAdESSigner.a(Unknown Source)
        at ru.CryptoPro.CAdES.CAdESSignature.a(Unknown Source)
        at ru.CryptoPro.CAdES.CAdESSignature.verify(Unknown Source)
        at ru.naumen.etp.crypto.jcp.JCPUtils.verifyCAdES(JCPUtils.java:247)
        at ru.naumen.etp.notifier.VerifyEdsServlet.doPost(VerifyEdsServlet.java:54)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:643)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:723)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:652)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
        at org.apache.coyote.http11.Http11NioProcessor.process(Http11NioProcessor.java:891)
        at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:760)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:2290)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)

апр 24, 2017 9:50:57 PM ru.CryptoPro.reprov.certpath.URICertStore engineGetCRLs
WARNING: Exception fetching CRL:
java.net.SocketTimeoutException: connect timed out
        at java.net.PlainSocketImpl.socketConnect(Native Method)
        at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
        at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
        at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
        at java.net.Socket.connect(Socket.java:589)
        at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
        at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
        at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
        at sun.net.www.http.HttpClient.<init>(HttpClient.java:211)
        at sun.net.www.http.HttpClient.New(HttpClient.java:308)
        at sun.net.www.http.HttpClient.New(HttpClient.java:326)
        at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:1169)
        at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1105)
        at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:999)
        at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:933)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1513)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)
        at ru.CryptoPro.reprov.certpath.URICertStore.engineGetCRLs(Unknown Source)
        at java.security.cert.CertStore.getCRLs(CertStore.java:181)
        at ru.CryptoPro.reprov.certpath.DistributionPointFetcher.a(Unknown Source)
        at ru.CryptoPro.reprov.certpath.DistributionPointFetcher.a(Unknown Source)
        at ru.CryptoPro.reprov.certpath.DistributionPointFetcher.a(Unknown Source)
        at ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a(Unknown Source)
        at ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a(Unknown Source)
        at ru.CryptoPro.reprov.certpath.CrlRevocationChecker.check(Unknown Source)
        at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
        at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:219)
        at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:140)
        at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:79)
        at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)
        at ru.CryptoPro.reprov.CPCertPathValidator.engineValidate(Unknown Source)
        at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)
        at ru.CryptoPro.CAdES.b.d.a.a(Unknown Source)
        at ru.CryptoPro.CAdES.b.d.a.a(Unknown Source)
        at ru.CryptoPro.CAdES.CAdESSigner.a(Unknown Source)
        at ru.CryptoPro.CAdES.CAdESSignature.a(Unknown Source)
        at ru.CryptoPro.CAdES.CAdESSignature.verify(Unknown Source)
        at ru.naumen.etp.crypto.jcp.JCPUtils.verifyCAdES(JCPUtils.java:247)
        at ru.naumen.etp.notifier.VerifyEdsServlet.doPost(VerifyEdsServlet.java:54)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:643)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:723)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:652)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
        at org.apache.coyote.http11.Http11NioProcessor.process(Http11NioProcessor.java:891)
        at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:760)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:2290)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)

апр 24, 2017 9:50:57 PM ru.CryptoPro.reprov.certpath.URICertStore engineGetCRLs
WARNING: Exception fetching CRL:
java.security.cert.CRLException: Empty input
        at sun.security.provider.X509Factory.engineGenerateCRL(X509Factory.java:395)
        at java.security.cert.CertificateFactory.generateCRL(CertificateFactory.java:497)
        at ru.CryptoPro.reprov.certpath.URICertStore.engineGetCRLs(Unknown Source)
        at java.security.cert.CertStore.getCRLs(CertStore.java:181)
        at ru.CryptoPro.reprov.certpath.DistributionPointFetcher.a(Unknown Source)
        at ru.CryptoPro.reprov.certpath.DistributionPointFetcher.a(Unknown Source)
        at ru.CryptoPro.reprov.certpath.DistributionPointFetcher.a(Unknown Source)
        at ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a(Unknown Source)
        at ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a(Unknown Source)
        at ru.CryptoPro.reprov.certpath.CrlRevocationChecker.check(Unknown Source)
        at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
        at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:219)
        at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:140)
        at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:79)
        at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)
        at ru.CryptoPro.reprov.CPCertPathValidator.engineValidate(Unknown Source)
        at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)
        at ru.CryptoPro.CAdES.b.d.a.a(Unknown Source)
        at ru.CryptoPro.CAdES.b.d.a.a(Unknown Source)
        at ru.CryptoPro.CAdES.CAdESSigner.a(Unknown Source)
        at ru.CryptoPro.CAdES.CAdESSignature.a(Unknown Source)
        at ru.CryptoPro.CAdES.CAdESSignature.verify(Unknown Source)
        at ru.naumen.etp.crypto.jcp.JCPUtils.verifyCAdES(JCPUtils.java:247)
        at ru.naumen.etp.notifier.VerifyEdsServlet.doPost(VerifyEdsServlet.java:54)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:643)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:723)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:652)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
        at org.apache.coyote.http11.Http11NioProcessor.process(Http11NioProcessor.java:891)
        at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:760)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:2290)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)

апр 24, 2017 9:50:57 PM ru.CryptoPro.CAdES.b.d.a a
WARNING: ERROR
java.security.cert.CertPathValidatorException: Could not determine revocation status:  unable to find valid certification path to requested target
        at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135)
        at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:219)
        at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:140)
        at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:79)
        at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)
        at ru.CryptoPro.reprov.CPCertPathValidator.engineValidate(Unknown Source)
        at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)
        at ru.CryptoPro.CAdES.b.d.a.a(Unknown Source)
        at ru.CryptoPro.CAdES.b.d.a.a(Unknown Source)
        at ru.CryptoPro.CAdES.CAdESSigner.a(Unknown Source)
        at ru.CryptoPro.CAdES.CAdESSignature.a(Unknown Source)
        at ru.CryptoPro.CAdES.CAdESSignature.verify(Unknown Source)
        at ru.naumen.etp.crypto.jcp.JCPUtils.verifyCAdES(JCPUtils.java:247)
        at ru.naumen.etp.notifier.VerifyEdsServlet.doPost(VerifyEdsServlet.java:54)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:643)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:723)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:652)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
        at org.apache.coyote.http11.Http11NioProcessor.process(Http11NioProcessor.java:891)
        at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:760)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:2290)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
        at ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a(Unknown Source)
        at ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a(Unknown Source)
        at ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a(Unknown Source)
        at ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a(Unknown Source)
        at ru.CryptoPro.reprov.certpath.CrlRevocationChecker.check(Unknown Source)
        at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
        ... 30 more

апр 24, 2017 9:50:57 PM ru.CryptoPro.CAdES.exception.CAdESException <init>
SEVERE: Invalid certificate chain
Offline Евгений Афанасьев  
#2 Оставлено : 25 апреля 2017 г. 9:34:50(UTC)
Евгений Афанасьев

Статус: Сотрудник

Группы: Участники
Зарегистрирован: 06.12.2008(UTC)
Сообщений: 3,910
Российская Федерация
Откуда: Крипто-Про

Сказал(а) «Спасибо»: 20 раз
Поблагодарили: 685 раз в 646 постах
Здравствуйте.
Можете приложить проблемный сертификат?
Известно, какое ПО установлено в УЦ ЕЭТП?
RSS Лента  Atom Лента
Пользователи, просматривающие эту тему
Быстрый переход  
Вы не можете создавать новые темы в этом форуме.
Вы не можете отвечать в этом форуме.
Вы не можете удалять Ваши сообщения в этом форуме.
Вы не можете редактировать Ваши сообщения в этом форуме.
Вы не можете создавать опросы в этом форуме.
Вы не можете голосовать в этом форуме.