Hi,
I was researching a StackOverflow question [1] and I came across some behaviour 
with the validation of certificate chains that I don't quite understand.

I have a chain consisting of a root certificate with validity period 
1999->2019; an intermediate certificate with validity period 2004->2024; and a 
server certificate with validity period 2006->2016. 
sun.security.provider.certpath.AdaptableX509CertSelector seems to be choking 
because the validity end date of the intermediate certificate is after the 
validity end date of the root certificate, even though we are currently within 
the validity period for all three certificates.  (By the way, 
-Djava.security.debug=certpath doesn't actually give any clues as to the reason 
for the failure, I had to resort to debugging the process.)

Is this expected behaviour? Should I file a bug?

'Invalid' certificate chain is available at [2]. All the browsers I tried 
validated it fine, it's just Java 7+ that chokes.

Thanks,
Robbie

[1] 
http://stackoverflow.com/questions/23775155/pkix-path-does-not-chain-with-any-of-the-trust-anchors-error-in-windows-environm
[2] https://www.envmgr.com/LabelService/EwsLabelService.asmx

Reply via email to