wood burning stoves
The moose likes Security and the fly likes Getting Sequence Tag Error Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Head First Android this week in the Android forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Getting Sequence Tag Error" Watch "Getting Sequence Tag Error" New topic

Getting Sequence Tag Error

viswa nathan

Joined: Aug 07, 2008
Posts: 2

I have a .der format certificate. I want to import this into a keystore.
But I am getting the following exception while doing the import
keytool error: java.lang.Exception: Input not an X.509 certificate

If i try to print the certification using -printcert, it gives the following exception
sun.security.pkcs.ParsingException: Sequence tag error
at sun.security.pkcs.PKCS7.parse(PKCS7.java:118)
at sun.security.pkcs.PKCS7.<init>(PKCS7.java:68)
at sun.security.provider.X509Factory.parseX509orPKCS7Cert(X509Factory.java:530)
at sun.security.provider.X509Factory.engineGenerateCertificates(X509Factory.java:407)
at java.security.cert.CertificateFactory.generateCertificates(CertificateFactory.java:511)
at sun.security.tools.KeyTool.doPrintCert(KeyTool.java:1021)
at sun.security.tools.KeyTool.doCommands(KeyTool.java:539)
at sun.security.tools.KeyTool.run(KeyTool.java:124)
at sun.security.tools.KeyTool.main(KeyTool.java:118)
Caused by: java.io.IOException: Sequence tag error
at sun.security.util.DerInputStream.getSequence(DerInputStream.java:266)
at sun.security.pkcs.ContentInfo.<init>(ContentInfo.java:112)
at sun.security.pkcs.PKCS7.parse(PKCS7.java:136)
at sun.security.pkcs.PKCS7.parse(PKCS7.java:115)
... 8 more

I also tried converting the .der to .pem using utils.der2pem.java which is available in weblogic.
After converting the file, Header and footer "----BEGIN" and "----End" have been inserted into the certificate.
But Still i am getting the same exception. Can any one of you help me? I am breaking my head for the past 3 days for this issue.
greg stark
Ranch Hand

Joined: Aug 10, 2006
Posts: 220
Why can't the error message be correct? It's not a DER-formatted X509 certificate would be my guess.

Nice to meet you.
viswa nathan

Joined: Aug 07, 2008
Posts: 2
Thanks. Can you tell one example using keytool to find out the format of the .der file
and also to convert the same to X509 format.
greg stark
Ranch Hand

Joined: Aug 10, 2006
Posts: 220
keytool can handle either the binary DER format or the base64 PEM format for certificates, so my guess is that your file is not a certificate file. If you have enough experience, you can usually examine the first few bytes of the file and determine what kind of file it is. You'd need a hex editor to look at the file if it is a binary format. Perhaps if you can provide some history of how you came to possess this file I might be able to guess what kind of file it is.
I agree. Here's the link: http://aspose.com/file-tools
subject: Getting Sequence Tag Error
It's not a secret anymore!