Hi Robert,
This was actually fixed in
https://bugs.openjdk.java.net/browse/JDK-8021804 and is pending a
backport to JDK 7u.
Thanks,
Jason
On 5/28/14 4:04 PM, Robert Gibson wrote:
Hi,
I was researching a StackOverflow question [1] and I came across some behaviour
with the validation of certificate chains that I don't quite understand.
I have a chain consisting of a root certificate with validity period 1999->2019; an
intermediate certificate with validity period 2004->2024; and a server certificate
with validity period 2006->2016.
sun.security.provider.certpath.AdaptableX509CertSelector seems to be choking because the
validity end date of the intermediate certificate is after the validity end date of the
root certificate, even though we are currently within the validity period for all three
certificates. (By the way, -Djava.security.debug=certpath doesn't actually give any
clues as to the reason for the failure, I had to resort to debugging the process.)
Is this expected behaviour? Should I file a bug?
'Invalid' certificate chain is available at [2]. All the browsers I tried
validated it fine, it's just Java 7+ that chokes.
Thanks,
Robbie
[1]
http://stackoverflow.com/questions/23775155/pkix-path-does-not-chain-with-any-of-the-trust-anchors-error-in-windows-environm
[2] https://www.envmgr.com/LabelService/EwsLabelService.asmx
