This discussion is archived
0 Replies Latest reply: Nov 8, 2012 4:39 AM by user490268 RSS

Check netscape bits 5,6,7 value failed in certificate

user490268 Newbie
Currently Being Moderated
Hi everyone,

Can someone please tell me why am I recieveing this error message when my signed applet is being loaded?
Check netscape bits 5,6,7 value failed in certificate.

From the java code that I've found on this site below, it seems that I need to have either bit 5 & 6 set to false or bit 7 has to be set to true.
Here is the piece of java code.
/ Check Netscape certificate type extension
if (xcert.getExtensionValue(OID_NETSCAPE_CERT_TYPE) != null)
{
// Require either bits 5,6 are false or that at least bit 7 be true
if ((CertUtils.getNetscapeCertTypeBit(xcert, NSCT_SSL_CA) == true ||
CertUtils.getNetscapeCertTypeBit(xcert, NSCT_S_MIME_CA) == true) &&
CertUtils.getNetscapeCertTypeBit(xcert, NSCT_OBJECT_SIGNING_CA) == false)
{
Trace.msgSecurityPrintln("trustdecider.check.basicconstraints.bitvalue");
msg = ResourceManager.getMessage("trustdecider.check.basicconstraints.bitvalue");
throw new CertPathValidatorException(msg);
}
}
http://javasourcecode.org/html/open-source/jdk/jdk-6u23/com/sun/deploy/security/DeployCertPathChecker.java.html

Here is the NetscapeCertType section of my public key:
#6: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL client
SSL server
Object Signing
]

Applet was signed by keytool without any warnings, which means all the required "signing" extensions have been provided.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points