• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Getting Sequence Tag Error

 
viswa nathan
Greenhorn
Posts: 2
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I have a .der format certificate. I want to import this into a keystore.
But I am getting the following exception while doing the import
keytool error: java.lang.Exception: Input not an X.509 certificate


If i try to print the certification using -printcert, it gives the following exception
sun.security.pkcs.ParsingException: Sequence tag error
at sun.security.pkcs.PKCS7.parse(PKCS7.java:118)
at sun.security.pkcs.PKCS7.<init>(PKCS7.java:68)
at sun.security.provider.X509Factory.parseX509orPKCS7Cert(X509Factory.java:530)
at sun.security.provider.X509Factory.engineGenerateCertificates(X509Factory.java:407)
at java.security.cert.CertificateFactory.generateCertificates(CertificateFactory.java:511)
at sun.security.tools.KeyTool.doPrintCert(KeyTool.java:1021)
at sun.security.tools.KeyTool.doCommands(KeyTool.java:539)
at sun.security.tools.KeyTool.run(KeyTool.java:124)
at sun.security.tools.KeyTool.main(KeyTool.java:118)
Caused by: java.io.IOException: Sequence tag error
at sun.security.util.DerInputStream.getSequence(DerInputStream.java:266)
at sun.security.pkcs.ContentInfo.<init>(ContentInfo.java:112)
at sun.security.pkcs.PKCS7.parse(PKCS7.java:136)
at sun.security.pkcs.PKCS7.parse(PKCS7.java:115)
... 8 more

I also tried converting the .der to .pem using utils.der2pem.java which is available in weblogic.
After converting the file, Header and footer "----BEGIN" and "----End" have been inserted into the certificate.
But Still i am getting the same exception. Can any one of you help me? I am breaking my head for the past 3 days for this issue.
 
greg stark
Ranch Hand
Posts: 220
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Why can't the error message be correct? It's not a DER-formatted X509 certificate would be my guess.
 
viswa nathan
Greenhorn
Posts: 2
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks. Can you tell one example using keytool to find out the format of the .der file
and also to convert the same to X509 format.
 
greg stark
Ranch Hand
Posts: 220
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
keytool can handle either the binary DER format or the base64 PEM format for certificates, so my guess is that your file is not a certificate file. If you have enough experience, you can usually examine the first few bytes of the file and determine what kind of file it is. You'd need a hex editor to look at the file if it is a binary format. Perhaps if you can provide some history of how you came to possess this file I might be able to guess what kind of file it is.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic