Being unable to using a PKCS#12 file created by openSSL with 3 different applications - Java jarsigner, Firefox/Thunderbird and KeyStoreBuilder of the package "not-yet-commons-ssl" <http://juliusdavies.ca/commons-ssl/> - I think that the problem may well be attributed to an error in the PKCS#12 file.
All 3 errors are due to the use of the "friendlyName" in the PKCS#12 file. Even so the Mozilla products don't explain why they don't accept the file contents, removing the friendlyName from the the p12 file makes it acceptable. The java utility jarsigner and KeyStorBuilder 0.3.9 issue the error message: "java.io.IOException: Attribute 1.2.840.113549.1.9.20.9.20 should have a value DerInputStream.getLength(): lengthTag=32, too big" OID 1.2.840.113549.1.9.20 represents "PKCS-9 Attribute : friendlyName". KeyStoreBuilder even tracks the error: java.io.IOException: Attribute 1.2.840.113549.1.9.20 should have a value DerInputStream.getLength(): lengthTag=32, too big. at sun.security.pkcs12.PKCS12KeyStore.loadSafeContents(PKCS12KeyStore.java:1426) at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1291) at java.security.KeyStore.load(KeyStore.java:1201) at org.apache.commons.ssl.KeyStoreBuilder.tryJKS(KeyStoreBuilder.java:450) at org.apache.commons.ssl.KeyStoreBuilder.parse(KeyStoreBuilder.java:341) at org.apache.commons.ssl.KeyStoreBuilder.build(KeyStoreBuilder.java:98) at org.apache.commons.ssl.KeyStoreBuilder.main(KeyStoreBuilder.java:540) Even so the problem may be attributed to the applications, I suspect that the fact that it happens with 3 applications rather points to an error in the PKCS#12 file. Any ideas Regards Willy Weisz -- ----------------------------------------------------------- Willy Weisz European Centre for Parallel Computing at Vienna (VCPC) Institute of Scientific Computing University of Vienna Nordbergstrasse 15/C312 A-1090 Wien Tel: (+43 1) 4277 - 39424 Fax: (+43 1) 4277 - 9394 e-mail: we...@vcpc.univie.ac.at ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org