I have been trying to write a servlet that opens a socket connection to an external secure website. The certificate signer of the secure website is a trusted CA and is available in the system wide keystore (jre/lib/security/cacerts). This servlet is hosted on Web Application Server 6.20 SP1.
When I launch this servlet, it fails to establish URl connection with the message untrusted server certificate chain. I added the debug flags and discovered that this was the result of an internal exception which was:
<b>"failed critical extension check: java.lang.Exception: Contains unknown critical extensions"</b>
The only critical extensions in the server certificate and the root certificate is the KeyUsage and BasicConstraint, both of which I believe are standard extensions.
I tried installing Sun JSSE but that did not help. When Sun JSSE is installed, a command line program can successfully connect to the secure server. However, the same code within Web Application Server 6.20 SP1 results in the above exception.
If you have encountered this problem before or a similar problem, I would appreciate your feedback in how you resolved it.