Hi Usha, you might try setting the System property
com.sun.security.ocsp.clockSkew. It takes an integer value for the
clock skew in seconds. Give that a try and let me know how that works out.
--Jamil
On 09/29/2015 06:49 AM, Seshadri, Usha wrote:
Hi,
The following bug reports seems to indicate the OCSP validation code
should permit clock skew when checking the validity of OCSP responses.
1.JDK-674888 (Bug - affected version 6u11)
2.JDK-2166696 (Backport – fixed version 6u10 (b32)
3.JDK-2186994 (Backport – fixed version OpenJDK6 (b18)
4.JDK-2166740 (Backport – fixed version 7 (b41))
I am using Java8, and would expect it to have all the above fixes.
Changing the value of “deployment.security.validation.clockskew” has
no impact on the OCSP certification validation. The certificate
validation always defaults to 15 minutes.
What configurable property (and what file) controls the OCSP
validation clock skew? Any answer will be greatly appreciated!
Thanks,
Usha Seshadri
Lockheed Martin, IS&GS
301-240-7496
LM-logo
