Please help me with revocation checking for self-signed certificates. I use makecert.exe to create the root and client certificates.
The problem is that certutil cannot check the certificate and reports the error: The revocation function was unable to check revocation for the certificate. 0x80092012
Here are the command arguments I used to create the root:
makecert.exe -sky signature -pe -n CN=XML_ROOT_TEST -r -sv rootMyCA.pvk -sr LocalMachine -ss Root rootMyCA.cer
And the client certificate:
makecert -pe -ic rootMyCA.cer -n "CN=XML_SIGN_TEST_CERT" -is Root -sv xml_sign_test.pvk -b 01/09/2017 -e 01/09/2019 xml_sign_test.cer
pvk2pfx -pvk xml_sign_test.pvk -spc xml_sign_test.cer -pfx xml_sign_test.pfx -f
Then I tried to run:
certutil -verify -urlfetch d:\Tests\xml_sign_test.cer
But it fails:
The revocation function was unable to check revocation for the certificate. 0x80092012 (-2146885614 CRYPT_E_NO_REVOCATION_CHECK)
Revocation check skipped -- no revocation information available
Cannot check leaf certificate revocation status
CertUtil: -verify command completed successfully.
I tried to use makecert to generate a CRL (certificate revocation list) as follows:
makecert -crl -n CN=XML_ROOT_TEST -sv rootMyCA.pvk rootMyCA.crl
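Then I imported this list into Local Machine\Trusted Root Certification Authorities, but no luck; certutil still fails.
How can I generate the CRL correctly? Is it possible to generate an x509 certificate without the revocation check, using makecert?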
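
The certutil output quoted in the question ends with "command completed successfully" even though the revocation check was skipped, so a script that validates certificates should read the status lines rather than the last line. The parser below is an added example, not part of the original post; `parse_verify_output`, `hresult_to_signed` and the result field names are hypothetical, and the line breaks in the sample text are an assumption.

```python
import re

# Output text copied from the post above; the line breaks are assumed.
SAMPLE_OUTPUT = """\
The revocation function was unable to check revocation for the certificate. 0x80092012 (-2146885614 CRYPT_E_NO_REVOCATION_CHECK)
Revocation check skipped -- no revocation information available
Cannot check leaf certificate revocation status
CertUtil: -verify command completed successfully.
"""

# Matches "0xHHHHHHHH (-signed SYMBOLIC_NAME)" as printed in the output above.
HRESULT_RE = re.compile(r"0x([0-9a-fA-F]{8}) \((-?\d+) ([A-Z0-9_]+)\)")


def hresult_to_signed(hex_digits):
    """Convert an 8-digit hex HRESULT to its signed 32-bit value."""
    value = int(hex_digits, 16)
    return value - (1 << 32) if value & 0x80000000 else value


def parse_verify_output(text):
    """Hypothetical helper: summarise revocation status from `certutil -verify` text."""
    errors = []
    for hex_digits, signed, name in HRESULT_RE.findall(text):
        # The hex and decimal forms must describe the same 32-bit value.
        if hresult_to_signed(hex_digits) != int(signed):
            raise ValueError(f"inconsistent HRESULT for {name}")
        errors.append({"hresult": "0x" + hex_digits.lower(),
                       "signed": int(signed), "name": name})
    skipped = "Revocation check skipped" in text
    completed = "command completed successfully" in text
    return {
        "errors": errors,
        "revocation_skipped": skipped,
        "command_completed": completed,
        # Only treat revocation as checked when nothing was skipped or reported.
        "revocation_checked": completed and not skipped and not errors,
    }


if __name__ == "__main__":
    result = parse_verify_output(SAMPLE_OUTPUT)
    for err in result["errors"]:
        print(err["hresult"], err["signed"], err["name"])
    print("command completed:", result["command_completed"])
    print("revocation checked:", result["revocation_checked"])
```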