OIM AD SSL - Certificate contains unsupported critical extensions

645631 Nov 2 2009 — edited Apr 29 2010
I imported the AD certificate into the WebLogic Java cacerts using keytool. I have done this numerous times before for JBoss and it worked without any issues. However, now I am receiving the following error when I perform "Test Basic Connectivity" for AD using the Diagnostic Dashboard:

Caused by: javax.naming.CommunicationException: simple bind failed:adhostname:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate contains unsupported critical extensions: [2.5.29.17]]
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:197)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2658)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:287)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)

Also, OIM has the following bug:
Bug 6736667
Critical extensions in an SSL certificate are not supported.

Can someone recommend the changes that need to be made on the AD server for this error?

Thanks!
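
As an added example that is not part of the original post: the OID in the exception, 2.5.29.17, is subjectAltName, and the stdlib-only Python sketch below lists which extensions a DER-encoded certificate marks critical so they can be compared with what a client recognizes. The certificate bytes, the `recognized` set and all function names are constructed for illustration.

```python
# Added example: walk an X.509 certificate's DER and report each extension's
# OID and critical flag. SAMPLE_CERT is constructed and unsigned.

def read_tlv(buf, pos):
    """Return (tag, value, next_pos); handles short and long DER lengths."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = length byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the content of a constructed element into (tag, value) pairs."""
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def oid_to_str(body):
    arcs, v = [], 0
    for b in body:                          # base-128, high bit = "more bytes follow"
        v = (v << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(v)
            v = 0
    f = arcs[0]                             # first value packs the first two arcs
    head = (0, f) if f < 40 else (1, f - 40) if f < 80 else (2, f - 80)
    return ".".join(str(a) for a in (*head, *arcs[1:]))

def list_extensions(cert_der):
    """Return [(oid, critical)] for every extension in the certificate."""
    _, cert, _ = read_tlv(cert_der, 0)
    _, tbs = children(cert)[0]              # tbsCertificate is the first field
    result = []
    for tag, val in children(tbs):
        if tag == 0xA3:                     # [3] EXPLICIT Extensions
            _, exts = children(val)[0]
            for _, ext in children(exts):
                fields = children(ext)      # OID, optional BOOLEAN, OCTET STRING
                critical = any(t == 0x01 and v != b"\x00" for t, v in fields)
                result.append((oid_to_str(fields[0][1]), critical))
    return result

def unrecognized_critical(cert_der, recognized):
    """Critical extension OIDs that are not in the caller's recognized set."""
    return [o for o, crit in list_extensions(cert_der) if crit and o not in recognized]

def tlv(tag, body=b""):                     # sample builder, short-form lengths only
    return bytes([tag, len(body)]) + body

SAN = tlv(0x30, tlv(0x06, b"\x55\x1d\x11") + tlv(0x01, b"\xff")
          + tlv(0x04, tlv(0x30, tlv(0x82, b"dc01.example.test"))))
KU = tlv(0x30, tlv(0x06, b"\x55\x1d\x0f") + tlv(0x04, tlv(0x03, b"\x05\xa0")))
TBS = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30) * 5
          + tlv(0xA3, tlv(0x30, SAN + KU)))
SAMPLE_CERT = tlv(0x30, TBS + tlv(0x30) + tlv(0x03, b"\x00"))
```

To check a real certificate, export it in DER form and pass the file's bytes to `list_extensions`.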
Post Details
Locked on May 27 2010
Added on Nov 2 2009