000022808 - Error: 'Could not load Certificate: java.security.cert.CertificateParsingException: java.io.IOException: java.io.IOException: Host portion is not a valid DNS name  IPv4 address  or IPv6 address' in RSA ClearTrust

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000022808
Applies ToRSA ClearTrust 5.5.3 Authorization Server (AServer)
RSA ClearTrust 5.5.3 Entitlements Server (EServer)
IssueError: "Could not load Certificate: java.security.cert.CertificateParsingException: java.io.IOException: java.io.IOException: Host portion is not a valid DNS name, IPv4 address, or IPv6 address" in RSA ClearTrust
CauseA bug in the JRE delivered with RSA ClearTrust 5.5.3 prevents it from starting correctly if any CRL path of any certificate in the keystore contains the "\" character. Below is an example of such a certificate generated by Microsoft CA:

[1]CRL Distribution Point
     Distribution Point Name:
          Full Name:
               URL=http://test.company/CertEnroll/ray-CA.crl
               URL=file://\\test.company\CertEnroll\ray-CA.crl

As you can see, the second CRL URL contains "\\". Please see this article for additional details: SUN Bug DB.
ResolutionTo correct this issue, remove any CRL distribution points containing "\" from your certificates.
Legacy Article IDa30474

Attachments

    Outcomes