I am working on an application which does certificate path validation that needs to plug into the JSSE framework. So, I have implemented my own X509TrustManager which implement the 'checkClientTrusted' and 'checkServerTrusted' methods such that when the application's certificate path validation fails, it throws a CertificateException as desired by the method signature. Also, CertificateException has four subclasses: CertificateEncodingException, CertificateExpiredException, CertificateNotYetValidException and CertificateParsingException. The subclass of CertificateException that you throw on certificate path validation failure makes JSSE send a relevant TLS alert to the SSL negotiating peer. HOWEVER, the subclasses of CertificateException don't include anything to send many important TLS alerts like certificate_revoked, unsupported_certificate and many more. How can you make JSSE send these alerts in this case?