[Openca-Users] Problem with the CA Certificate using Java 1.4.2 keytool

Mon, 21 Nov 2005 05:49:04 -0800 

I have recently installed OpenCa on a Linux RedHat 9 for testing

purposes mainly.
The installation went ok.
Then I did the following things:
1. I generated a keypair and a certificate request using the keytool Java (jdk 1.4.2) 
2. I used this CSR on OpenCA to get a server certificate
3. I tried to import it using the keytool and got the following output:
"keytool error: java.lang.Exception: Failed to establish chain from reply" 
   This seemed normal as long as my CA is not trusted by default by Java.
4. Thus, I tried to import the CA Certificate and got the following error message:
sun.security.pkcs.ParsingException: X509.ObjectIdentifier() -- data isn't an object ID (tag = 48) 
       at sun.security.pkcs.PKCS7.parse(PKCS7.java:118)
       at sun.security.pkcs.PKCS7.<init>(PKCS7.java:68)
at sun.security.provider.X509Factory.parseX509orPKCS7Cert(X509Factory.java:530) at sun.security.provider.X509Factory.engineGenerateCertificates(X509Factory.java:407) at java.security.cert.CertificateFactory.generateCertificates(CertificateFactory.java:511) 
       at sun.security.tools.KeyTool.doPrintCert(KeyTool.java:1021)
       at sun.security.tools.KeyTool.doCommands(KeyTool.java:539)
       at sun.security.tools.KeyTool.run(KeyTool.java:124)
       at sun.security.tools.KeyTool.main(KeyTool.java:118)
Caused by: java.io.IOException: X509.ObjectIdentifier() -- data isn't an objectID (tag = 48) at sun.security.util.ObjectIdentifier.<init>(ObjectIdentifier.java:134) 
       at sun.security.util.DerInputStream.getOID(DerInputStream.java:250)
       at sun.security.pkcs.ContentInfo.<init>(ContentInfo.java:120)
       at sun.security.pkcs.PKCS7.parse(PKCS7.java:136)
       at sun.security.pkcs.PKCS7.parse(PKCS7.java:115)
       ... 8 more
keytool error: java.lang.Exception: Failed to parse input

Notes:
1) I have the same error when simply trying to print this certificate with "keytool -printcert -file <keystore>" 
2) I tried all the types of certificates (PEM, DER, CER, CRT) => none works
3) The other certificate (not the CA certificate) is perfectly readable using the same "keytool -printcert -file <keystore>" 

Am I doing something wrong ? Can anybody help me ?
Thanks in advance.


begin:vcard
fn:Vahlas Nicolas
n:Nicolas;Vahlas
org:Quality & Reliability
adr;quoted-printable;quoted-printable:;;=CE=9A=CE=BF=CE=BD=CE=AF=CF=84=CF=83=CE=B7=CF=82 11=CE=92;=CE=9C=CE=B1=CF=81=CE=BF=CF=8D=CF=83=CE=B9;;151 25;Greece
email;internet:[EMAIL PROTECTED]
tel;work:210 80 29 409  (270)
x-mozilla-html:FALSE
version:2.1
end:vcard

Reply via email to