keytool -printcert error
843811, Aug 28 2003 — edited Jul 8 2005
I am trying to use the -printcert option of keytool to view the detail of a digital signing certificate and keep receiving the following error:
sun.security.pkcs.ParsingException: X509.ObjectIdentifier() -- data isn't an object ID (tag = 48)
at sun.security.pkcs.PKCS7.parse(Unknown Source)
at sun.security.pkcs.PKCS7.<init>(Unknown Source)
at sun.security.provider.X509Factory.parseX509orPKCS7Cert(Unknown Source)
at sun.security.provider.X509Factory.engineGenerateCertificates(Unknown Source)
at java.security.cert.CertificateFactory.generateCertificates(Unknown Source)
at sun.security.tools.KeyTool.doPrintCert(Unknown Source)
at sun.security.tools.KeyTool.doCommands(Unknown Source)
at sun.security.tools.KeyTool.run(Unknown Source)
at sun.security.tools.KeyTool.main(Unknown Source)
Caused by: java.io.IOException: X509.ObjectIdentifier() -- data isn't an object ID (tag = 48)
at sun.security.util.ObjectIdentifier.<init>(Unknown Source)
at sun.security.util.DerInputStream.getOID(Unknown Source)
at sun.security.pkcs.ContentInfo.<init>(Unknown Source)
at sun.security.pkcs.PKCS7.parse(Unknown Source)
... 9 more
keytool error: java.lang.Exception: Failed to parse input
I can use both openssl and the Windows certificate viewer with no problems. As a result, I'm pretty confident that the certificate is valid. I have narrowed the problem to the inclusion of the non-critical private key usage period extension in the X.509 certificate. When I attempt to print the same certificate without the private key usage period extension included, I have no problems. I am wondering if there are any known limitations within keytool regarding the use of this extension?
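Added example for readers hitting the same error (not part of the original post, and not keytool's own code): the `tag = 48` in the message is 0x30, the DER tag for a SEQUENCE, and the code below decodes a PrivateKeyUsagePeriod extension (OID 2.5.29.16, RFC 3280) with a minimal TLV reader, independent of the Java parsers in the stack trace. The function names and the sample extension bytes are constructed for illustration.

```python
from datetime import datetime, timezone

PKUP_OID = "2.5.29.16"  # id-ce-privateKeyUsagePeriod (RFC 3280)

def read_tlv(buf, pos=0):  # one DER TLV, single-byte tag -> (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):  # OID content octets -> dotted string
    top = min(body[0] // 40, 2)
    arcs, val = [top, body[0] - 40 * top], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last octet of an arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def parse_pkup_extension(ext_der):
    """Decode one Extension; return its fields if it is PrivateKeyUsagePeriod, else None."""
    tag, ext, _ = read_tlv(ext_der)
    if tag != 0x30:  # 0x30 == 48: universal constructed SEQUENCE
        raise ValueError("Extension must be a SEQUENCE")
    _, oid, pos = read_tlv(ext)
    tag, val, pos = read_tlv(ext, pos)
    critical = False
    if tag == 0x01:  # optional BOOLEAN 'critical', DEFAULT FALSE
        critical = val != b"\x00"
        tag, val, pos = read_tlv(ext, pos)
    if tag != 0x04 or decode_oid(oid) != PKUP_OID:
        return None
    _, seq, _ = read_tlv(val)  # extnValue wraps SEQUENCE { [0] notBefore, [1] notAfter }
    out, pos = {"critical": critical, "notBefore": None, "notAfter": None}, 0
    while pos < len(seq):
        tag, body, pos = read_tlv(seq, pos)  # 0x80 / 0x81: IMPLICIT GeneralizedTime
        if tag in (0x80, 0x81):
            t = datetime.strptime(body.decode("ascii"), "%Y%m%d%H%M%SZ")
            out["notBefore" if tag == 0x80 else "notAfter"] = t.replace(tzinfo=timezone.utc)
    return out

def tlv(tag, body):  # short-form encoder, used only to build the constructed sample
    return bytes([tag, len(body)]) + body

# Constructed sample: a non-critical PrivateKeyUsagePeriod extension (not from the post).
SAMPLE_EXT = tlv(0x30, tlv(0x06, b"\x55\x1d\x10") + tlv(0x04, tlv(0x30,
    tlv(0x80, b"20030101000000Z") + tlv(0x81, b"20050101000000Z"))))
```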