Certificate for Active Directory with Invalid Extensions Provokes java.security.cert.CertificateException
(Doc ID 1549669.1)
Last updated on NOVEMBER 06, 2018
Applies to:Java SE JDK and JRE - Version 1.5.0 to 7 [Release 1.5 to 7]
Microsoft Windows x64 (64-bit)
After upgrading the internal Root CA (Microsoft Active Directory CA Cert), the “Domain Controller Authentication” certificate has a blank subject field and the Subject Alternate Name (SAN) field is marked critical on the “Domain Controller Authentication” certificate. From Windows Server 2003 to Windows Server 2008, the default Certificate Template for Domain Controller Authentication allows the requestor to specify their Subject Alternative Name and when the certificate is issued, it is marked critical. The Subject Alternative Name critical extension is not a Java supported critical extension and therefore Java emits the following error and client fails to connect to server.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document