Resolution:
java.security.cert.CertificateException: Unhandled CRITICAL extension: OBJECT ID = XXXXXXX exception. This issue is seen when SSL server presents a root certificate with "CertificatePolicies" critical extension set.

The reason for this exception is the IAIK libraries that are bundled by Entrust security provider - the IAIK ChainVerifier.checkExtensions() method does not handle this extension.

The workaround is to use Sun's jsse security provider instead of entrust by setting property:
java.property.TIBCO_SECURITY_VENDOR=j2se
    
This error may see in some old BW & TRA environment.