Hi,
Recently a trading partner obtained an S/MIME cert from Symantec. Our software still runs with Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2). There is a known internal defect with Java 1.4.2 in relation to processing the "critical" Extended Key Usage extension for non-CA certificates.
The question is why would Symantec issue the certificate to a customer with the extension marked as critical when RFC5280, which deals with certificate extensions (http://www.rfc-editor.org/rfc/rfc5280.txt), has a caveat that "certificate issuers are cautioned that marking such extensions as critical may inhibit interoperability"?
May a customer request of Symantec a certificate with Enhanced Key Usage set to criticality=false instead of true? Our old software does recognize the KeyUsage in the cert but does not process it when criticality=true but does when criticality=false.
Looking for reasons why Symantec sets Certificate Extensions of Extended Key Usage to criticality=true versus criticality=false, as recommended in RFC5280 and whether it is a simple request to reissue with criticality=false.
Thank you for your time.
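
The criticality flag discussed in the post above can be read directly from the DER encoding. The following is an added example, not part of the original post or any Symantec or Java code: it walks an RFC 5280 Extensions SEQUENCE and reports whether each extension is marked critical. The sample byte strings are constructed here, and the function names are hypothetical.

```python
# Added example: report each extension's criticality from a DER-encoded
# RFC 5280 Extensions SEQUENCE. The sample bytes below are constructed.

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OID content bytes (first two arcs are packed in one byte)."""
    first = min(body[0] // 40, 2)
    arcs, val = [first, body[0] - 40 * first], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # a clear high bit ends the current arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def extension_criticality(extensions_der):
    """Map extension OID -> True/False (critical) for an Extensions SEQUENCE."""
    tag, body, _ = read_tlv(extensions_der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    flags, pos = {}, 0
    while pos < len(body):
        _, ext, pos = read_tlv(body, pos)
        _, oid, nxt = read_tlv(ext, 0)
        tag, val, _ = read_tlv(ext, nxt)
        # critical is BOOLEAN DEFAULT FALSE, so DER omits it when false
        flags[decode_oid(oid)] = tag == 0x01 and val != b"\x00"
    return flags

def tlv(tag, content):
    """Build a short-form DER element (enough for the constructed samples)."""
    return bytes([tag, len(content)]) + content

EKU = tlv(0x06, bytes.fromhex("551d25"))  # OID 2.5.29.37 (Extended Key Usage)
USAGES = tlv(0x30, tlv(0x06, bytes.fromhex("2b06010505070304")))  # emailProtection
CRITICAL_EKU = tlv(0x30, tlv(0x30, EKU + tlv(0x01, b"\xff") + tlv(0x04, USAGES)))
NONCRITICAL_EKU = tlv(0x30, tlv(0x30, EKU + tlv(0x04, USAGES)))

if __name__ == "__main__":
    for name, der in (("critical", CRITICAL_EKU), ("non-critical", NONCRITICAL_EKU)):
        print(name, extension_criticality(der))
```

The input is the Extensions SEQUENCE only, so a full certificate has to be unwrapped down to that field before calling `extension_criticality`.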