Error Importing Certificate file Using Keytool

When keytool tries to do a certificate import, it first tries the X.509 format, and then the PKCS 7 format. Looking at your error output, keytool already goes to the 2nd phase (trying PKCS 7). However, the BEGIN CERTIFICATE- shows it should be more likely an X.509 format, and the error message shows the 1st byte is 48, which looks even more likely an X.509.

So I suspect the file is X.509 but the parsing process has some error and keytool fallback to PKCS7. Can you try "keytool -printcert" your file? This should reveal the X.509 parsing error.

wangwja at 2007-7-12 19:46:04 >

It failed the printcert command So its failing the second step in the PKCS7 parsing.

C:\j2sdk1.4.2_08\jre\lib\security>keytool -printcert -file SOTROOT.cer

sun.security.pkcs.ParsingException: X509.ObjectIdentifier() -- data isn't an obj

ect ID (tag = 48)

at sun.security.pkcs.PKCS7.parse(PKCS7.java:118)

at sun.security.pkcs.PKCS7.<init>(PKCS7.java:68)

at sun.security.provider.X509Factory.parseX509orPKCS7Cert(X509Factory.ja

va:530)

at sun.security.provider.X509Factory.engineGenerateCertificates(X509Fact

ory.java:407)

at java.security.cert.CertificateFactory.generateCertificates(Certificat

eFactory.java:511)

at sun.security.tools.KeyTool.doPrintCert(KeyTool.java:1021)

at sun.security.tools.KeyTool.doCommands(KeyTool.java:539)

at sun.security.tools.KeyTool.run(KeyTool.java:124)

at sun.security.tools.KeyTool.main(KeyTool.java:118)

Caused by: java.io.IOException: X509.ObjectIdentifier() -- data isn't an object

ID (tag = 48)

at sun.security.util.ObjectIdentifier.<init>(ObjectIdentifier.java:134)

at sun.security.util.DerInputStream.getOID(DerInputStream.java:250)

at sun.security.pkcs.ContentInfo.<init>(ContentInfo.java:120)

at sun.security.pkcs.PKCS7.parse(PKCS7.java:136)

at sun.security.pkcs.PKCS7.parse(PKCS7.java:115)

... 8 more

keytool error: java.lang.Exception: Failed to parse input

Surendra_Varmaa at 2007-7-12 19:46:04 >

java.security.cert.CertificateParsingException: java.io.IOException: subject key, Unknown key spec: Invalid RSA modulus size.

at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:155)

at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1679)

at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:173)

at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:101)

at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:389)

at us.tn.state.trust.service.LDAPTest.importCertificate(LDAPTest.java:31)

at us.tn.state.trust.service.LDAPTest.main(LDAPTest.java:19)

Caused by: java.io.IOException: subject key, Unknown key spec: Invalid RSA modulus size.

at sun.security.x509.X509Key.parse(X509Key.java:155)

at sun.security.x509.CertificateX509Key.<init>(CertificateX509Key.java:58)

at sun.security.x509.X509CertInfo.parse(X509CertInfo.java:706)

at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:153)

... 6 more

Surendra_Varmaa at 2007-7-12 19:46:04 >

--BEGIN CERTIFICATE--

MIIHezCCBWOgAwIBAgIQEdE5AWMMyrJKS9NSM4/mTjANBgkqhkiG9w0BAQUFADCB

hzESMBAGCgmSJomT8ixkARkWAnVzMRIwEAYKCZImiZPyLGQBGRYCdG4xFTATBgoJ

kiaJk/IsZAEZFgVzdGF0ZTETMBEGCgmSJomT8ixkARkWA2FkczExMC8GA1UEAxMo

U3RhdGUgb2YgVGVubmVzc2VlIE9JUiBMQU4gRW50ZXJwcmlzZSBDQTAeFw0wNTA3

MjIxNzMyMzRaFw0yNTA3MjIxNzM5MDBaMIGHMRIwEAYKCZImiZPyLGQBGRYCdXMx

EjAQBgoJkiaJk/IsZAEZFgJ0bjEVMBMGCgmSJomT8ixkARkWBXN0YXRlMRMwEQYK

CZImiZPyLGQBGRYDYWRzMTEwLwYDVQQDEyhTdGF0ZSBvZiBUZW5uZXNzZWUgT0lS

IExBTiBFbnRlcnByaXNlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC

AgEAqeMoUh0TYm15rQqbhGONvV9GDVjI2ZSj++0tGkshejQnEKvdH5DiYE7J5eCh

SgVquYjT+XTob9v3nZZJ22xfGp2/BHCReQYzIl0JPv2wfHfbXhwn4oOVj9KKfLh7

ICPacLfW7WC3GbVYcGha8U+TSl1167TIkyuhxY8EU968nxrFXzF4pvX6np/sEQ/2

YJWxsEaWOCvv8iDRgPPBWM6xJ+40M7SU01KhEC5l7/oc355uLd5dRTZl5ndbpbxo

77P2f1LglP+7M2AdB1krQRujXOg3PWyo+lg7k7zzZ57R6t4gRqU+knlyLSHWeyZi

ZgANem1R2XKd5qYw56Rx0QMMNdCo1c2gC7YhY5F9Sp4T8uvFK73UQ4dbP8EcG+QY

vPu7SZ19fms0/B7XGhb+1LzkQ+XhfldJudVjLi0g/olCRabIuqXbh2zLTSiypNR1

pczPk/A+WkZfXcZd97MXGDxxkLQ/8uFUqRSaJ8ZrVdFR+GxiGmHLA3/JYq+yxoG8

PJJaFJqrK4kF6KR2nsqZiIWYMrjGP3HIdt811wckKUBxHGtHLWRczEp4MtAGXvVH

YN9o1AqoqcOM5j9yneIhb8o1mZ/WuboxCo305RqQdb2jYAZO543x1xLSILCzG6T+

WafyCnuHhIytxvfXhlrIFR17V4/hseWxyawiPzASvA3IdiECAwEAAaOCAd8wggHb

MBMGCSsGAQQBgjcUAgQGHgQAQwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTAD

AQH/MB0GA1UdDgQWBBRGjU7SK13t2bJ7paafu+/VXaWHGDCCAXMGA1UdHwSCAWow

ggFmMIIBYqCCAV6gggFahoHsbGRhcDovLy9DTj1TdGF0ZSUyMG9mJTIwVGVubmVz

c2VlJTIwT0lSJTIwTEFOJTIwRW50ZXJwcmlzZSUyMENBLENOPUFHMDMxOTAwNldJ

MDk5LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNl

cyxDTj1Db25maWd1cmF0aW9uLERDPWFkcyxEQz1zdGF0ZSxEQz10bixEQz11cz9j

ZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlz

dHJpYnV0aW9uUG9pbnSGaWh0dHA6Ly9hZzAzMTkwMDZ3aTA5OS5hZHMuc3RhdGUu

dG4udXMvQ2VydEVucm9sbC9TdGF0ZSUyMG9mJTIwVGVubmVzc2VlJTIwT0lSJTIw

TEFOJTIwRW50ZXJwcmlzZSUyMENBLmNybDAQBgkrBgEEAYI3FQEEAwIBADANBgkq

hkiG9w0BAQUFAAOCAgEAF6yqWNRADL8egzxEsXguUEPder/yweTyKuNU88AwwfJH

4rdJmofugiFHdzs5DPwtw87PBkOooJ8A05ZXYn9YIIdlDfmuiLdu3V1hDRRSD7Py

7VC3YjZjEoOzCIznK9oJMz/ovH5ay7lxtGSs8FFv4xLlHOhkTCEL8ePBdT8OKB2m

l0Ih2Oe//cX3WN4YBBvvGw1ILJCvxIb1veMBWdNez8dgcEoY1c4tA9kfuC9WX5Xc

LkOmwFnjDUSGlJ6WGrlBPCDlK8cu9Ve650kg5ovJT11g32HmzUM5OgAAdJEZl7lc

Jnf+i//OZdNRVsGOUlCEDNnwBKKb7dInfs9q9FxLgVAeHOeQnFj2VGubxwGYPmWp

EYcWH4QKfUxNI5j7KIVPt5yn50F9V/Ia18Jt57JIC/Zzb3vRmhPROxsbaAg3PQBF

KmAmV97swoh0B7fVDxF6LjnzH7LAoyb5l//MhDo/2qABTLJFeuhlRmTxug/ZvMFL

X2Ha3j/CsgcmgKKVelGwU8ETlHXmwF9qfkg3uIA4ttLk/QTmTIgPRlamWBBxWUjK

1LoNNgIFYzmPoqlJrqri/q5SUahpVZyXKGRhM6eqAHH8mjIJ7gVDn7L6TmyFlxtK

JWBXU7eLlPAvj004ZP3OyDn/P0P1hzOhU+H1ReWd4i9/4b5Y6iDdnoxGvaX8Vas=

--END CERTIFICATE--

Surendra_Varmaa at 2007-7-12 19:46:04 >