Has anyone experienced this ?
I am connecting to a https site and get this exception:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate contains unsupported critical extensions: [2.5.29.17] This is very strange, because X509 Certificate extension 2.5.29.17 is a well known and documented extension which is mentioned in the javadocs for interface X509Extension, method
getExtensionValue: extension 2.5.29.17 is the
SubjectAlternativeName extension.
If I connect to the same site disabling certificate validation, I can download the certificate chain and display information on each certificate.
If I call the X509Extension method
hasUnsupportedCriticalExtension() it returns
false on each certificate on the chain. If I save the certificates of the chain in a keystore and open the keystore with Portecle (an opensource
java GUI equivalent of the Keytool) I can see each extension of each certificate without any exceptions.
I have detected this problem first with JDK 1.4.2. Then I installed JDK 1.5 update 1 and found out that this same Exception was still occurring !
Has anybody seen this before ?