Since Java 1.7.0_51 Java webstart refuses to run applications that are not signed by a trusted authority. Now we have our application signed by a certificate that itself is signed by a trusted CA. However we still get the warning that the revocation status of the certificate can't be checked.
It seems to me that the certificate doesn't specify the OCSP responder URI. But where must this OCSP responder URI be specified? In the certificate used for signing the application? In the CA certificate that issued our certificate? In both?
The CA that signs the certificate adds the OCSP url in the certificate that it is signing. So the OCSP responder URL is present in the certificate.