Skip to Main Content
Forums

Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

ParsingException in KEYTOOL

843810Sep 11 2003 — edited Dec 10 2003
Hi!

I used my Microsoft Certificate Server to sign a certificate request, previously created by KEYTOOL.

The signed certificate was produced OK - I can see it with microsoft certificate viewer.

But when I try to open it from KEYTOOL ( either -import or -rintcert),
I got a following java exception: 
sun.security.pkcs.ParsingException: X509.ObjectIdentifier() -- data isn't an object ID (tag = 48)
        at sun.security.pkcs.PKCS7.parse(PKCS7.java:118)
        at sun.security.pkcs.PKCS7.<init>(PKCS7.java:68)
        at sun.security.provider.X509Factory.parseX509orPKCS7Cert(X509Factory.java:530)
        at sun.security.provider.X509Factory.engineGenerateCertificates(X509Factory.java:407)
        at java.security.cert.CertificateFactory.generateCertificates(CertificateFactory.java:511)
        at sun.security.tools.KeyTool.doPrintCert(KeyTool.java:1021)
        at sun.security.tools.KeyTool.doCommands(KeyTool.java:539)
        at sun.security.tools.KeyTool.run(KeyTool.java:124)
        at sun.security.tools.KeyTool.main(KeyTool.java:118)
Caused by: java.io.IOException: X509.ObjectIdentifier() -- data isn't an objectID (tag = 48)
        at sun.security.util.ObjectIdentifier.<init>(ObjectIdentifier.java:134)
        at sun.security.util.DerInputStream.getOID(DerInputStream.java:250)
        at sun.security.pkcs.ContentInfo.<init>(ContentInfo.java:120)
        at sun.security.pkcs.PKCS7.parse(PKCS7.java:136)
        at sun.security.pkcs.PKCS7.parse(PKCS7.java:115)
        ... 8 more
keytool error: java.lang.Exception: Failed to parse input
The commands, that I used with KEYTOOL, were:
1) KEYTOOL -genkey -alias aaa -keystore bbb -keysize 512 -keyalg RSA
2) KEYTOOL -certreq -alias aaa -file aaa.req -keystore bbb
3) signing the certificate request (file "aaa.req") with Microsoft Certificate Server (the result was saved in the file "aaa.cer")
4) KEYTOOL -import -alias aaa -file aaa.cer -keystore bbb
or
KEYTOOL -printcert -file aaa.cer

My JSDK version is "j2sdk1.4.2_01".

May be somebody can help me?

I have to use the Microsoft Certificate Server for sertificate signing because its CA certificate was installed in all client browsers in the Trusted Root.

Regards
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Jan 7 2004
Added on Sep 11 2003
#cryptography
5 comments
4,360 views