我怀疑
the process of building the CRL cache可能会导致某些应用程序出现延迟.
我们有几个.NET应用程序偶尔“行动缓慢”,没有cpu或磁盘访问.我怀疑他们在尝试验证证书时挂起了身份验证,因为超时几乎是20秒.
Most applications do not specify to CryptoAPI to use a cumulative
time-out. If the cumulative time-out option is not enabled,CryptoAPI
uses the CryptoAPI default setting which is a time-out of 15 seconds
per URL. If the cumulative time-out option specified by the
application,then CryptoAPI will use a default setting of 20 seconds
as the cumulative timeout. The first URL receives a maximum timeout of
10 seconds. Each subsequent URL timeout is half of the remaining
balance in the cumulative timeout value.
由于这是一项服务,我如何检测和记录CryptoAPI挂起我有源代码的应用程序,以及第三方
获取更多信息的一种方法是启用CAPI2事件日志
>打开Eventvwr – >应用程序和服务日志 – >
>微软 – > Windows – > CAPI2 – >操作 – >
>右键单击“启用日志”
事件日志中显示的信息将有助于确定证书验证过程在很长一段时间内的位置.
启用日志记录
wevtutil.exe sl Microsoft-Windows-CAPI2/Operational /e:true
将日志保存到文件
wevtutil.exe epl Microsoft-Windows-CAPI2/Operational filename.elf
禁用日志记录
wevtutil.exe sl Microsoft-Windows-CAPI2/Operational /e:false
清除日志
wevtutil.exe cl Microsoft-Windows-CAPI2/Operational