IOException: duplicate extensions not allowed when using Siemens certificate in server

WimVriend Member Posts: 1

Dear experts,

I am trying to connect to the webserver of a Siemens S7-1500 PLC using a Java-based client (version 1.8.0_66). The following error is thrown:

27/09 13:50:02:040[WT-EventQueue-0] show[uri=http://10.58.200.70/Portal/Portal.mwsl?coming_from_intro=true&PriNav=Start&intro_enter_button=ENTER][parameters=coming_from_intro=true, PriNav=Start, intro_enter_button=ENTER, ]
27/09 13:50:04:724[zationUpdates-1] Load toc
sep 27, 2018 1:50:24 PM com.sun.webkit.network.URLLoader doRun
WARNING: Unexpected error
javax.net.ssl.SSLProtocolException: java.io.IOException: Duplicate extensions not allowed
    at sun.security.ssl.HandshakeMessage$CertificateMsg.<init>(Unknown Source)
    at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
    at sun.security.ssl.Handshaker.processLoop(Unknown Source)
    at sun.security.ssl.Handshaker.process_record(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
    at com.sun.webkit.network.URLLoader.sendRequest(Unknown Source)
    at com.sun.webkit.network.URLLoader.doRun(Unknown Source)
    at com.sun.webkit.network.URLLoader.lambda$run$91(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.sun.webkit.network.URLLoader.run(Unknown Source)
    at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
    at java.util.concurrent.FutureTask.run(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
Caused by: java.security.cert.CertificateParsingException: java.io.IOException: Duplicate extensions not allowed
    at sun.security.x509.X509CertInfo.<init>(Unknown Source)
    at sun.security.x509.X509CertImpl.parse(Unknown Source)
    at sun.security.x509.X509CertImpl.<init>(Unknown Source)
    at sun.security.provider.X509Factory.engineGenerateCertificate(Unknown Source)
    at java.security.cert.CertificateFactory.generateCertificate(Unknown Source)
    ... 21 more
Caused by: java.io.IOException: Duplicate extensions not allowed
    at sun.security.x509.CertificateExtensions.parseExtension(Unknown Source)
    at sun.security.x509.CertificateExtensions.init(Unknown Source)
    at sun.security.x509.CertificateExtensions.<init>(Unknown Source)
    at sun.security.x509.X509CertInfo.parse(Unknown Source)
    ... 26 more

It seems that the certificate created by Siemens is not exactly formatted the way Java likes it. However, it is very well possible to connect to the webserver using any web browser or non-Java client, so it seems that only the Java implementation considers this certificate to be "BAD".

Is there a way to bypass this problem? NB: it is not possible to change the certificate in the server!

This discussion has been closed.
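
Added example, not part of the original post: RFC 5280 forbids more than one instance of the same extension in a certificate, which is the rule the Java parser in the trace above enforces. This Python sketch walks the DER structure and reports which extension OIDs repeat; the function names and the sample bytes are constructed for illustration and are not the Siemens certificate.

```python
# Added example: report extension OIDs that occur more than once in a DER X.509 certificate.
from collections import Counter

def read_tlv(buf, pos):                       # -> (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                         # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):                          # yield (tag, value) for each nested element
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def decode_oid(body):
    subids, n = [], 0
    for b in body:                            # base-128, high bit set = more bytes follow
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            subids.append(n)
            n = 0
    first = min(subids[0] // 40, 2)
    return ".".join(map(str, [first, subids[0] - 40 * first] + subids[1:]))

def duplicate_extensions(der):
    _, cert, _ = read_tlv(der, 0)             # Certificate ::= SEQUENCE
    _, tbs = next(children(cert))             # tbsCertificate
    for tag, val in children(tbs):
        if tag == 0xA3:                       # [3] EXPLICIT Extensions
            _, ext_seq = next(children(val))  # SEQUENCE OF Extension
            oids = [decode_oid(next(children(ext))[1]) for _, ext in children(ext_seq)]
            return sorted(o for o, c in Counter(oids).items() if c > 1)
    return []

# Constructed sample: certificate skeleton (version, serial, extensions only), not a real cert.
def tlv(tag, body):
    return bytes([tag, len(body)]) + body     # short-form length is enough for this sample
def ext(oid, value):
    return tlv(0x30, tlv(0x06, oid) + tlv(0x04, value))
SAN = ext(b"\x55\x1d\x11", tlv(0x30, tlv(0x82, b"plc")))   # subjectAltName 2.5.29.17
BC = ext(b"\x55\x1d\x13", tlv(0x30, b""))                  # basicConstraints 2.5.29.19
def sample(exts):
    tbs = tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0xA3, tlv(0x30, exts))
    return tlv(0x30, tlv(0x30, tbs))
```

For a real certificate, pass its DER bytes to duplicate_extensions(); a PEM export can be converted with ssl.PEM_cert_to_DER_cert from the standard library.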