Assigning a manually read certificate to the trustStore

Posts: 1
Good day to everyone :-D,

This is my first post; I hope my question isn't too basic.

I have been assigned an old project here at my job and I have stumbled upon a problem that I have not been able to solve :-S. Currently, the project code needs to read a keystore file to be able to visit an SSL site. To achieve this, it assigns the keystore file path to the javax.net.ssl.trustStore system property, doing something like this:


The problem is that, when doing this, I get an exception similar to this one:

java.io.IOException: DerInputStream.getLength(): lengthTag=06, too big.

During the execution of this line:

HttpsURLConnection urlc = (HttpsURLConnection) url.openConnection();

After some googling, I found that the problem was, most likely, an error within the keystore file. However, one of my partners ran the exact same project code, with the exact same jks file, without any problem :-s. I debugged the application and found out that, on my PC, the jks content was not being read completely as on my partner's PC... weird (on my PC, the code doesn't read the last 6 characters). I tried to find any difference between my partner's machine and mine without success.

Anyway, I created a function where I read the same content from a certificate file, not from a keystore. I'm doing something like this:

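import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

public X509Certificate getCertificate() {
    // try-with-resources closes the file stream even if parsing fails
    try (InputStream inStream = new FileInputStream("config/myCertificate.cer")) {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        return (X509Certificate) cf.generateCertificate(inStream);
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}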

When I use the next two lines:

X509Certificate cer = cl.getCertificate();
String sig = new String(cer.getSignature());

I get the complete signature of the certificate, which doesn't happen when using the original code of the old project on my machine. As you can see, in my method, I read a .cer file, not a .jks file. My question is:

Is there any way I can use the certificate I'm getting with this function to be able to visit the SSL site instead of using the original code (the one using the javax.net.ssl.trustStore property)?

Any advice would be appreciated.

Thanks a lot in advance :-D
Ranch Hand
Posts: 36
Maybe you can use HttpClient instead of URL to make connections and read server pages/objects: http://hc.apache.org/httpclient-3.x/sslguide.html