
X509 error - data isn't an object ID (tag = 48)

 
Jonas Ladenfors
Greenhorn
Posts: 7
Hello,

I am trying to create a new certificate for my tomcat server but I cannot import my key with keytool. I haven't been able to figure out what is causing it so I thought I'd see here if anyone recognizes my problem.

I first create my private key using
keytool -genkey -keyalg RSA -alias tomcat -keystore [keystore name]

Then I generate my CSR
keytool -certreq -alias tomcat -keyalg RSA -file certreq.csr -keystore [keystorename]

So far so good but here I try to import my new cert with
keytool -import -alias tomcat -trustcacerts -file certreq.csr -keystore [keystorename]

Here I receive the following error

sun.security.pkcs.ParsingException: X509.ObjectIdentifier() -- data isn't an object ID (tag = 48)
at sun.security.pkcs.PKCS7.parse(PKCS7.java:118)
at sun.security.pkcs.PKCS7.<init>(PKCS7.java:68)
at sun.security.provider.X509Factory.parseX509orPKCS7Cert(X509Factory.java:530)
at sun.security.provider.X509Factory.engineGenerateCertificates(X509Factory.java:407)
at java.security.cert.CertificateFactory.generateCertificates(CertificateFactory.java:511)
at sun.security.tools.KeyTool.installReply(KeyTool.java:1193)
at sun.security.tools.KeyTool.doCommands(KeyTool.java:504)
at sun.security.tools.KeyTool.run(KeyTool.java:124)
at sun.security.tools.KeyTool.main(KeyTool.java:118)
Caused by: java.io.IOException: X509.ObjectIdentifier() -- data isn't an object ID (tag = 48)
at sun.security.util.ObjectIdentifier.<init>(ObjectIdentifier.java:134)
at sun.security.util.DerInputStream.getOID(DerInputStream.java:250)
at sun.security.pkcs.ContentInfo.<init>(ContentInfo.java:120)
at sun.security.pkcs.PKCS7.parse(PKCS7.java:136)
at sun.security.pkcs.PKCS7.parse(PKCS7.java:115)
... 8 more
nyckelverktygsfel: java.security.cert.CertificateException: X509.ObjectIdentifier() -- data isn't an object ID (tag = 48)


Anyone recognize the problem?

/Jonas
 
Lewin Chan
Ranch Hand
Posts: 214
Are you sure you want to be generating a certificate signing request?

From the steps you've listed, you're trying to import a certificate signing request (which is not a certificate) into your keystore.

I would modify your steps to do either one of the following things.

a) Don't do a -certreq, do a -export instead, and then -import
b) Still do a -certreq, but get your certificate signed by VeriSign and import that instead.

Why don't you try http://portecle.sourceforge.net which puts a nice little GUI wrapper around things for you.

L
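Added example, not part of the original thread: a pre-import check that tells a PKCS#10 request apart from an X.509 certificate or a PKCS#7 reply by reading the leading DER tags. In the trace above the PKCS7 parser asks for an object identifier and finds tag 48, which is 0x30, a SEQUENCE; `classify` returns that tag alongside the file type. The function names and the sample byte strings are assumptions constructed for this illustration.

```python
import base64
import re

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short-form length
        return tag, pos, pos + first
    n = first & 0x7F                       # long form: n length bytes follow
    return tag, pos + n, pos + n + int.from_bytes(buf[pos:pos + n], "big")

def children(buf, start, end, limit):
    """(tag, value_start, value_end) for the first `limit` elements in a span."""
    out = []
    while start < end and len(out) < limit:
        out.append(read_tlv(buf, start))
        start = out[-1][2]
    return out

def classify(data):
    """Return (kind, tag of the first element inside the outer SEQUENCE)."""
    pem = re.search(rb"-----BEGIN [^-]+-----(.+?)-----END", data, re.S)
    der = base64.b64decode(pem.group(1)) if pem else data
    try:
        tag, vs, ve = read_tlv(der, 0)
        if tag != 0x30:
            return "unknown", None
        t0, s0, e0 = children(der, vs, ve, 1)[0]
        if t0 == 0x06:                     # ContentInfo starts with an OID
            return "pkcs7", t0
        inner = children(der, s0, e0, 2) if t0 == 0x30 else []
        if inner and inner[0][0] == 0xA0:  # [0] version: v2/v3 certificate
            return "certificate", t0
        if len(inner) == 2 and inner[0][0] == 0x02 and inner[1][0] == 0x30:
            # INTEGER then SEQUENCE: a v1 certificate has an AlgorithmIdentifier
            # here (starts with an OID); a CSR has the subject Name (SET or empty).
            first = children(der, inner[1][1], inner[1][2], 1)
            return ("certificate" if first and first[0][0] == 0x06 else "csr"), t0
        return "unknown", t0
    except IndexError:                     # truncated or non-DER input
        return "unknown", None

def tlv(tag, body=b""):                    # builds the constructed samples below
    return bytes([tag, len(body)]) + body

# Constructed skeletons (leading fields only, not complete signed objects).
CSR = tlv(0x30, tlv(0x30, tlv(0x02, b"\x00") + tlv(0x30, tlv(0x31))))
CERT = tlv(0x30, tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01")))
P7 = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010702")) + tlv(0xA0))
```

Running `classify` on the contents of certreq.csr before the -import step would report "csr", which means the file still has to be signed by a CA before anything can be imported.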
 