Is internet access needed for CA signed applet?

Question

We coded a java applet and signed it through a Certificate Authority, Entrust. When the applet is deployed through any browser, we can see in java console logs that a request is made to the CA:

network: Connecting http://ocsp.entrust.net/ with proxy=DIRECT
security: OCSP Response: GOOD

However, our client has some computers in an intranet without internet connection.

So, is there a way to avoid any internet request to CA server?

score 3 · Answer 1 · answered Oct 22 '13 at 20:26

3

You will find this option from Java Control Panel >> Advanced tab

Perform Certificate revocation checks on: Publishers certificate only; All certificates in the chain of trust (default and recommended); Do not check (not recommended)

http://www.java.com/en/download/help/revocation_options.xml

However, you will have to change it for each computer in the intranet.

answered Oct 22 '13 at 20:26

authcate

1,125
6
13

Good to know :) But still, no option in manifest.mf, jnlp file or whatever? – Xavier Portebois Oct 23 '13 at 06:53
2

from the applet side, I don't think there is. it seems like it will defeat the purpose of it – authcate Oct 29 '13 at 20:19
Seems logical indeed. – Xavier Portebois Nov 13 '13 at 09:50

Is internet access needed for CA signed applet?

1 Answers1

Linked