diff --git a/src/main/java/com/nis/domain/callback/ProxyObjTrustedCa.java b/src/main/java/com/nis/domain/callback/ProxyObjTrustedCa.java
index d2692e684..a7a65e8f8 100644
--- a/src/main/java/com/nis/domain/callback/ProxyObjTrustedCa.java
+++ b/src/main/java/com/nis/domain/callback/ProxyObjTrustedCa.java
@@ -3,6 +3,7 @@ package com.nis.domain.callback;
 import java.util.Date;
 
 import com.google.gson.annotations.Expose;
+import com.nis.web.service.BaseService;
 public class ProxyObjTrustedCa {
 	@Expose
 	private Long id; //compileId
@@ -64,6 +65,7 @@ public class ProxyObjTrustedCa {
 		return certName;
 	}
 	public void setCertName(String certName) {
+		certName=BaseService.keywordsEscape(certName);
 		this.certName = certName;
 	}
 	public String getCertFile() {
diff --git a/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java b/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java
index 291e0cba0..dd49a0c5f 100644
--- a/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java
+++ b/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java
@@ -777,9 +777,11 @@ public class PxyObjKeyringController extends BaseController  {
 					try {
 						pxyObjKeyringService.trustedCertAudit(isAudit,isValid,functionId,id,auditTime);
 					} catch (MaatConvertException e) {
+						e.printStackTrace();
 						logger.error(e);
 						addMessage(redirectAttributes,"error", "request_service_failed");
 					}catch (Exception e) {
+						e.printStackTrace();
 						logger.error(e);
 						addMessage(redirectAttributes,"error", "audit_failed");
 					}
diff --git a/src/main/java/com/nis/web/service/configuration/PxyObjKeyringService.java b/src/main/java/com/nis/web/service/configuration/PxyObjKeyringService.java
index 9dc9f936b..97ce21885 100644
--- a/src/main/java/com/nis/web/service/configuration/PxyObjKeyringService.java
+++ b/src/main/java/com/nis/web/service/configuration/PxyObjKeyringService.java
@@ -405,7 +405,7 @@ public class PxyObjKeyringService extends BaseService{
 		crlCfg=pxyObjKeyringDao.getPxyObjTrustedCaCrl(crlCfg);
 		
 		//失效配置，将子表的失效来函设置与主表相同
-		if(cfg.getIsAudit()==3){
+		if(cfg.getIsAudit()==3 && crlCfg != null){
 			//设置配置取消的来函信息
 			serviceDictInfoDao.auditCancleRequestInfo(cfg.getCancelRequestId(), 
 					"pxy_obj_trusted_ca_crl",