This issue is a limitation of the default CertificateFactory in Java 6
(sun.security.provider.X509Factory). Starting with Java 7 comments are
properly skipped when parsing PEM files (see the readOneBlock() method
in X509Factory.java ).
Considering that OpenJDK6 is going to be removed for Jessie I suggest
marking this bug as wontfix.
This is the maintainer address of Debian's Java team
debian-j...@lists.debian.org for discussions and questions.