X509 error - data isn't an object ID (tag = 48)

Jonas Ladenfors

Joined: Jun 28, 2004
Posts: 7

I am trying to create a new certificate for my tomcat server but I cannot import my key with keytool. I haven't been able to figure out what is causing it so I thought I'd see here if anyone recognizes my problem.

I first create my private key using
keytool -genkey -keyalg RSA -alias tomcat -keystore [keystore name]

Then I generate my CSR
keytool -certreq -alias tomcat -keyalg RSA -file certreq.csr -keystore [keystorename]

So far so good but here I try to import my new cert with
keytool -import -alias tomcat -trustcacerts -file certreq.csr -keystore [keystorename]

Here I receive the following error

sun.security.pkcs.ParsingException: X509.ObjectIdentifier() -- data isn't an object ID (tag = 48)
at sun.security.pkcs.PKCS7.parse(PKCS7.java:118)
at sun.security.pkcs.PKCS7.<init>(PKCS7.java:68)
at sun.security.tools.KeyTool.installReply(KeyTool.java:1193)
at sun.security.tools.KeyTool.doCommands(KeyTool.java:504)
at sun.security.tools.KeyTool.run(KeyTool.java:124)
at sun.security.tools.KeyTool.main(KeyTool.java:118)
Caused by: java.io.IOException: X509.ObjectIdentifier() -- data isn't an
ID (tag = 48)
at sun.security.pkcs.ContentInfo.<init>(ContentInfo.java:120)
at sun.security.pkcs.PKCS7.parse(PKCS7.java:136)
at sun.security.pkcs.PKCS7.parse(PKCS7.java:115)
... 8 more
nyckelverktygsfel: java.security.cert.CertificateException:
r() -- data isn't an object ID (tag = 48)

Anyone recognize the problem?

Lewin Chan
Ranch Hand

Joined: Oct 10, 2001
Posts: 214
Are you sure you want to be generating a certificate signing request?

From the steps you've listed, you're trying to import a certificate signing request (which is not a certificate) into your keystore.

I would modify your steps to do either 1 of the following things.

a) Don't do a -certreq, do a -export instead, and then -import
b) still do a -certreq, but get your certificate signed by verisign and import that instead.

Why don't you try http://portecle.sourceforge.net which puts a nice little gui wrapper around things for you


I have no java certifications. This makes me a bad programmer. Ignore my post.
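
An added example, not part of either post: the `tag = 48` in the trace is 0x30, the DER SEQUENCE tag, found where the PKCS#7 ContentInfo parser shown in the stack trace expected an OBJECT IDENTIFIER (0x06). The sketch below reads a file's PEM label and first inner DER tag to tell a CSR from a PKCS#7 reply before importing it; `classify`, `read_tlv` and `der` are illustrative names, and the sample bytes are constructed structural skeletons, not real requests or certificates.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def read_tlv(buf, pos=0):
    """Return (tag, content_start, content_end) for the DER element at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                      # short-form length
        length, start = first, pos + 2
    else:                                 # long form: low 7 bits = number of length bytes
        n = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
        start = pos + 2 + n
    if start + length > len(buf):
        raise ValueError("truncated DER content")
    return tag, start, start + length

def classify(data):
    """Return (kind, first_inner_tag) for a PEM or DER blob given as bytes."""
    label = None
    m = PEM_RE.search(data.decode("latin-1"))
    if m:
        label = m.group(1)
        data = base64.b64decode(m.group(2))
    outer, start, _ = read_tlv(data)
    if outer != 0x30:
        return "unknown", None
    inner, _, _ = read_tlv(data, start)
    if inner == 0x06:                     # OBJECT IDENTIFIER: PKCS#7 ContentInfo
        return "pkcs7", inner
    if label and "REQUEST" in label:      # PEM label marks a PKCS#10 request
        return "csr", inner
    if inner == 0x30:                     # 48: CSR and certificate both start this way
        return "x509-or-bare-csr", inner
    return "unknown", inner

def der(tag, content):
    """Encode one short-form DER element (used only for the constructed samples)."""
    return bytes([tag, len(content)]) + content

# Constructed structural skeletons, not real requests or replies.
CSR_DER = der(0x30, der(0x30, der(0x02, b"\x00")))
PKCS7_DER = der(0x30, der(0x06, bytes.fromhex("2a864886f70d010702")) + der(0xA0, b""))
CSR_PEM = (b"-----BEGIN NEW CERTIFICATE REQUEST-----\n" + base64.b64encode(CSR_DER)
           + b"\n-----END NEW CERTIFICATE REQUEST-----\n")

if __name__ == "__main__":
    print(classify(CSR_PEM), classify(PKCS7_DER))
```

A result of `csr` means the file is still the request produced by `-certreq`; the signed certificate or chain returned by the CA is what goes to `-import`.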