This discussion is archived
3 Replies Latest reply: Mar 10, 2011 3:13 AM by EJP RSS

SSL exception: Duplicate extensions not allowed

845979 Newbie
Currently Being Moderated
Hi,

I have problem with connecting to exchange mail server with java(java mail)
I get this exception.
javax.net.ssl.SSLProtocolException: java.io.IOException: Duplicate extensions not allowed.

Caused by: java.io.IOException: Duplicate extensions not allowed
at sun.security.x509.CertificateExtensions.parseExtension(Unknown Source)
at sun.security.x509.CertificateExtensions.init(Unknown Source)
at sun.security.x509.CertificateExtensions.<init>(Unknown Source)
at sun.security.x509.X509CertInfo.parse(Unknown Source)
  • 1. Re: SSL exception: Duplicate extensions not allowed
    gimbal2 Guru
    Currently Being Moderated
    Okay, so paste "java.io.IOException: Duplicate extensions not allowed" into Google and see what you can find. Don't look for a solution: look for an explanation. That will give you more chance of finding a solution yourself and opens up the way to future prevention.
  • 2. Re: SSL exception: Duplicate extensions not allowed
    845979 Newbie
    Currently Being Moderated
    So, google has very little about that.

    I found that x509 have something like extensions and if i run java with debug -Djavax.net.debug=ssl
    I see

    adding as trusted cert:
    Subject: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE
    Issuer: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE
    Algorithm: RSA; Serial number: 0x1
    Valid from Wed Oct 01 12:40:14 CEST 2008 until Sun Oct 02 01:59:59 CEST 2033

    adding as trusted cert:
    Subject: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
    Issuer: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
    Algorithm: RSA; Serial number: 0x1
    Valid from Sat Jun 26 02:19:54 CEST 1999 until Wed Jun 26 02:19:54 CEST 2019


    I dont know if this is that extensions. But i see that some subject are duplicated. Maybe this is all about.
  • 3. Re: SSL exception: Duplicate extensions not allowed
    EJP Guru
    Currently Being Moderated
    It looks to me like Java doesn't like the certificate provided by the peer.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points