0 Replies Latest reply on Nov 8, 2012 12:39 PM by user490268

    Check netscape bits 5,6,7 value failed in certificate

      Hi everyone,

      Can someone please tell me why am I recieveing this error message when my signed applet is being loaded?
      Check netscape bits 5,6,7 value failed in certificate.

      From the java code that I've found on this site below, it seems that I need to have either bit 5 & 6 set to false or bit 7 has to be set to true.
      Here is the piece of java code.
      / Check Netscape certificate type extension
      if (xcert.getExtensionValue(OID_NETSCAPE_CERT_TYPE) != null)
      // Require either bits 5,6 are false or that at least bit 7 be true
      if ((CertUtils.getNetscapeCertTypeBit(xcert, NSCT_SSL_CA) == true ||
      CertUtils.getNetscapeCertTypeBit(xcert, NSCT_S_MIME_CA) == true) &&
      CertUtils.getNetscapeCertTypeBit(xcert, NSCT_OBJECT_SIGNING_CA) == false)
      msg = ResourceManager.getMessage("trustdecider.check.basicconstraints.bitvalue");
      throw new CertPathValidatorException(msg);

      Here is the NetscapeCertType section of my public key:
      #6: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
      NetscapeCertType [
      SSL client
      SSL server
      Object Signing

      Applet was signed by keytool without any warnings, which means all the required "signing" extensions have been provided.