3 Replies Latest reply: Mar 10, 2011 5:13 AM by EJP RSS

    SSL exception: Duplicate extensions not allowed

    845979
      Hi,

      I have problem with connecting to exchange mail server with java(java mail)
      I get this exception.
      javax.net.ssl.SSLProtocolException: java.io.IOException: Duplicate extensions not allowed.

      Caused by: java.io.IOException: Duplicate extensions not allowed
      at sun.security.x509.CertificateExtensions.parseExtension(Unknown Source)
      at sun.security.x509.CertificateExtensions.init(Unknown Source)
      at sun.security.x509.CertificateExtensions.<init>(Unknown Source)
      at sun.security.x509.X509CertInfo.parse(Unknown Source)
        • 1. Re: SSL exception: Duplicate extensions not allowed
          gimbal2
          Okay, so paste "java.io.IOException: Duplicate extensions not allowed" into Google and see what you can find. Don't look for a solution: look for an explanation. That will give you more chance of finding a solution yourself and opens up the way to future prevention.
          • 2. Re: SSL exception: Duplicate extensions not allowed
            845979
            So, google has very little about that.

            I found that x509 have something like extensions and if i run java with debug -Djavax.net.debug=ssl
            I see

            adding as trusted cert:
            Subject: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE
            Issuer: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE
            Algorithm: RSA; Serial number: 0x1
            Valid from Wed Oct 01 12:40:14 CEST 2008 until Sun Oct 02 01:59:59 CEST 2033

            adding as trusted cert:
            Subject: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
            Issuer: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
            Algorithm: RSA; Serial number: 0x1
            Valid from Sat Jun 26 02:19:54 CEST 1999 until Wed Jun 26 02:19:54 CEST 2019


            I dont know if this is that extensions. But i see that some subject are duplicated. Maybe this is all about.
            • 3. Re: SSL exception: Duplicate extensions not allowed
              EJP
              It looks to me like Java doesn't like the certificate provided by the peer.