X509 error - data isn't an object ID (tag = 48)

 
Greenhorn
Posts: 7
Hello,

I am trying to create a new certificate for my tomcat server but I cannot import my key with keytool. I haven't been able to figure out what is causing it so I thought I'd see here if anyone recognizes my problem.

I first create my private key using
keytool -genkey -keyalg RSA -alias tomcat -keystore [keystore name]

Then I generate my CSR
keytool -certreq -alias tomcat -keyalg RSA -file certreq.csr -keystore [keystorename]

So far so good but here I try to import my new cert with
keytool -import -alias tomcat -trustcacerts -file certreq.csr -keystore [keystorename]

Here I receive the following error

sun.security.pkcs.ParsingException: X509.ObjectIdentifier() -- data isn't an object ID (tag = 48)
at sun.security.pkcs.PKCS7.parse(PKCS7.java:118)
at sun.security.pkcs.PKCS7.<init>(PKCS7.java:68)
at sun.security.provider.X509Factory.parseX509orPKCS7Cert(X509Factory.java:530)
at sun.security.provider.X509Factory.engineGenerateCertificates(X509Factory.java:407)
at java.security.cert.CertificateFactory.generateCertificates(CertificateFactory.java:511)
at sun.security.tools.KeyTool.installReply(KeyTool.java:1193)
at sun.security.tools.KeyTool.doCommands(KeyTool.java:504)
at sun.security.tools.KeyTool.run(KeyTool.java:124)
at sun.security.tools.KeyTool.main(KeyTool.java:118)
Caused by: java.io.IOException: X509.ObjectIdentifier() -- data isn't an object ID (tag = 48)
at sun.security.util.ObjectIdentifier.<init>(ObjectIdentifier.java:134)
at sun.security.util.DerInputStream.getOID(DerInputStream.java:250)
at sun.security.pkcs.ContentInfo.<init>(ContentInfo.java:120)
at sun.security.pkcs.PKCS7.parse(PKCS7.java:136)
at sun.security.pkcs.PKCS7.parse(PKCS7.java:115)
... 8 more
nyckelverktygsfel: java.security.cert.CertificateException: X509.ObjectIdentifier() -- data isn't an object ID (tag = 48)


Anyone recognize the problem?

/Jonas
 
Ranch Hand
Posts: 214
Are you sure you want to be generating a certificate signing request?

From the steps you've listed, you're trying to import a certificate signing request (which is not a certificate) into your keystore.

I would modify your steps to do either 1 of the following things.

a) Don't do a -certreq, do a -export instead, and then -import
b) still do a -certreq, but get your certificate signed by verisign and import that instead.

Why don't you try http://portecle.sourceforge.net which puts a nice little gui wrapper around things for you

L
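
An added example, not part of the original posts: a pre-import check that tells a CSR from a certificate or PKCS#7 reply by its PEM label, and reports the first DER tag inside the outer SEQUENCE. Tag 48 is 0x30 (SEQUENCE), which is what a CSR carries at the position where the PKCS#7 parser in the trace above asked for an OBJECT IDENTIFIER (tag 6). The function names, the label table, the file name reply.p7b and both sample files are assumptions constructed for illustration; the samples are DER skeletons, not real requests or replies.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
# Common PEM labels; "NEW CERTIFICATE REQUEST" is the one keytool -certreq writes.
KINDS = {"NEW CERTIFICATE REQUEST": "csr", "CERTIFICATE REQUEST": "csr",
         "CERTIFICATE": "certificate", "PKCS7": "pkcs7"}

def read_tlv(buf, pos=0):
    """Return (tag, content_start, content_end) of the DER element at pos."""
    if len(buf) < pos + 2:
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER content")
    return tag, pos, pos + length

def inspect_pem(text):
    """Return (kind, first tag inside the outer SEQUENCE) for one PEM block."""
    m = PEM_RE.search(text)
    if not m:
        raise ValueError("no PEM block found")
    der = base64.b64decode("".join(m.group(2).split()))
    tag, start, end = read_tlv(der)
    if tag != 0x30 or start == end:
        raise ValueError("outer element is not a non-empty SEQUENCE")
    return KINDS.get(m.group(1), "unknown"), der[start]

def safe_to_import(text):
    """Only a certificate or a PKCS#7 reply belongs in keytool -import."""
    return inspect_pem(text)[0] in ("certificate", "pkcs7")

def to_pem(label, der):
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

# Constructed samples: SEQUENCE{SEQUENCE{INTEGER 0}} and SEQUENCE{OID signedData}.
CSR_SAMPLE = to_pem("NEW CERTIFICATE REQUEST", bytes.fromhex("30053003020100"))
P7_SAMPLE = to_pem("PKCS7", bytes.fromhex("300b06092a864886f70d010702"))

if __name__ == "__main__":
    for name, sample in (("certreq.csr", CSR_SAMPLE), ("reply.p7b", P7_SAMPLE)):
        kind, tag = inspect_pem(sample)
        print(f"{name}: kind={kind} first_tag={tag} import_ok={safe_to_import(sample)}")
```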
 