Assigning a manually read certificate to the trustStore

Rogelio Sevilla

Joined: Sep 20, 2011
Posts: 1
Good day to everyone :-D,

This is my first post; I hope my question isn't too basic.

I have been assigned an old project here at my job and I have stumbled on a problem that I have not been able to solve :-S. Currently, the project code needs to read a keystore file to be able to visit an SSL site. To achieve this, it assigns the keystore file path to the system property doing something like this:


The problem is that, when doing this, I get an exception similar to this one: DerInputStream.getLength(): lengthTag=06, too big.

During the execution of this line:

HttpsURLConnection urlc = (HttpsURLConnection) url.openConnection();

After some googling, I found that the problem was, most likely, an error within the keystore file. However, one of my partners ran the exact same project code, with the exact same jks file, without any problem :-s. I debugged the application and found out that, on my PC, the jks content was not being read completely as on my partner's PC... weird (on my PC, the code doesn't read the last 6 characters). I tried to find any difference between my partner's machine and mine without success.

Anyway, I created a function where I read the same content from a certificate file, not from a keystore. I'm doing something like this:

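import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

public X509Certificate getCertificate() {
    // try-with-resources closes the file even if parsing fails
    try (InputStream inStream = new FileInputStream("config/myCertificate.cer")) {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");

        X509Certificate cert = (X509Certificate) cf.generateCertificate(inStream);
        return cert;
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}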

When I use the next two lines:

X509Certificate cer = cl.getCertificate();
String sig = new String(cer.getSignature());

I get the complete signature of the certificate, which doesn't happen when using the original code from the old project on my machine. As you can see, in my method, I read a .cer file, not a .jks file. My question is:

Is there any way I can use the certificate I'm getting with this function to be able to visit the SSL site instead of using the original code (the one using the property)?

Any advice would be appreciated.

Thanks a lot in advance :-D
Tushar Kapila
Ranch Hand

Joined: Dec 23, 2007
Posts: 35

Maybe you can use HTTP client instead of URL to make connections and read server pages/objects.