Keytool error
Hi,
I'm trying to sign an applet that I'm testing. I have been advised to follow the steps below before using the jarsigner utility. I get this error: 'keytool error: java.security.cert.CertificateException: Sequence tag error.' when trying to import a certificate reply into the key entry of my keystore. As you can see, I'm doing this all from the command prompt. I've copied the list of commands so that you know the steps I have taken.
C:\j2sdk1.4.2_04>keytool -genkey -alias ftpapplet -keypass photoshop1 -keystore
keystore -storepass photoshop1
What is your first and last name?
[Unknown]: My Name
What is the name of your organizational unit?
[Unknown]: My Department
What is the name of your organization?
[Unknown]: ThisCompany
What is the name of your City or Locality?
[Unknown]: ThisCity
What is the name of your State or Province?
[Unknown]: SC
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=My Name, OU=My Department, O=ThisCompany, L=ThisCity, ST=SC, C=US correct?
[no]: yes
C:\j2sdk1.4.2_04>keytool -certreq -alias ftpapplet -keypass ****** -keystore
keystore -storepass ****** -file ftpappletrequest.cer
********************************************************************************
Basically, here is what the certificate request that was generated looks like:
--BEGIN NEW CERTIFICATE REQUEST--
MIICbDCCAioCAQAwZzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlNDMQ8wDQYDVQQHEwZDb253YXkx
DDAKBgNVBAoTA0hUQzEVMBMGA1UECxMMV2ViIFNlcnZpY2VzMRUwEwYDVQQDEwxIVEMgRW1wbG95
ZWUwggG4MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZR
--END NEW CERTIFICATE REQUEST--
********************************************************************************
C:\j2sdk1.4.2_04>keytool -list -alias cakey -keystore c:\j2sdk1.4.2_04\jre\lib\s
ecurity\cacerts -storepass ******
cakey, May 19, 2004, trustedCertEntry,
Certificate fingerprint (MD5): B7:3B:9F:46:D8:B6:C5:83:96:B6:C9:09:0A:28:B9:A7
C:\j2sdk1.4.2_04>keytool -import -alias cakey -file CARoot.cer -keystore c:\j2s
dk1.4.2_04\jre\lib\security\cacerts -storepass ******
keytool error: java.lang.Exception: Certificate not imported, alias <cakey> alre
ady exists
C:\j2sdk1.4.2_04>keytool -import -alias ftpkey -file CARoot.cer -keystore c:\j2
sdk1.4.2_04\jre\lib\security\cacerts -storepass ******
Certificate already exists in keystore under alias <cakey>
Do you still want to add it? [no]: yes
Certificate was added to keystore
C:\j2sdk1.4.2_04>keytool -list -alias ftpkey -keystore c:\j2sdk1.4.2_04\jre\lib\
security\cacerts -storepass ******
ftpkey, May 20, 2004, trustedCertEntry,
Certificate fingerprint (MD5): B7:3B:9F:46:D8:B6:C5:83:96:B6:C9:09:0A:28:B9:A7
*******************************************************************************
Basically, here is what the certificate reply that was generated looks like:
-BEGIN CERTIFICATE--
MIIFUjCCBPygAwIBAgIKXHHUPQAAAAAADDANBgkqhkiG9w0BAQUFADCBhTElMCMG
CSqGSIb3DQEJARYWd2Vic2VydmljZXNAaHRjaW5jLm5ldDELMAkGA1UEBhMCVVMx
CzAJBgNVBAgTAlNDMQ8wDQYDVQQHEwZDb253YXkxDDAKBgNVBAoTA0hUQzEVMBMG
--END CERTIFICATE-
********************************************************************************
C:\j2sdk1.4.2_04>keytool -import -alias ftpapplet -file ftpChainCertificate.cer
-keypass ****** -trustcacerts -keystore keystore -storepass ******
sun.security.pkcs.ParsingException: Sequence tag error
at sun.security.pkcs.PKCS7.parse(PKCS7.java:118)
at sun.security.pkcs.PKCS7.<init>(PKCS7.java:68)
at sun.security.provider.X509Factory.parseX509orPKCS7Cert(X509Factory.ja
va:530)
at sun.security.provider.X509Factory.engineGenerateCertificates(X509Fact
ory.java:407)
at java.security.cert.CertificateFactory.generateCertificates(Certificat
eFactory.java:511)
at sun.security.tools.KeyTool.installReply(KeyTool.java:1193)
at sun.security.tools.KeyTool.doCommands(KeyTool.java:504)
at sun.security.tools.KeyTool.run(KeyTool.java:124)
at sun.security.tools.KeyTool.main(KeyTool.java:118)
Caused by: java.io.IOException: Sequence tag error
at sun.security.util.DerInputStream.getSequence(DerInputStream.java:266)
at sun.security.pkcs.ContentInfo.<init>(ContentInfo.java:115)
at sun.security.pkcs.PKCS7.parse(PKCS7.java:136)
at sun.security.pkcs.PKCS7.parse(PKCS7.java:115)
... 8 more
keytool error: java.security.cert.CertificateException: Sequence tag error
C:\j2sdk1.4.2_04>
I also posted this message in the Cryptography forum for any help there. I wasn't sure which forum this applied to. Any help would be greatly appreciated. Thanks!
carusel777
