Win a copy of Kotlin in Action this week in the Kotlin forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Assigning a manually read certificate to the trustStore  RSS feed

Rogelio Sevilla
Posts: 1
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Good day to everyone :-D,

This is my first post, I hope my question isn't too basic .

I have been assigned an old project here on my job and I have stumbled with a problem that I have not been able to solve :-S. Currently, the project code needs to read a keystore file to be able to visit an ssl site. To achieve this, it assigns the keystore file path to the system property doing something like this:


The problem is that, when doing this, I get an exception similar to this one: DerInputStream.getLength(): lengthTag=06, too big.

During the execution of this line:

HttpsURLConnection urlc = (HttpsURLConnection) url.openConnection();

After some googling, I found that the problem was, most likely, an error within the keystore file. However, one of my partners ran the exact same project code, with the exact same jks file without any problem :-s . I debugged the application and found out that, on my PC, the jks content was not being read completely as in my partner's pc... weird (on my pc, the code doesn't read the last 6 characters). I tried to find any difference between my partner's machine and mine without success.

Anyway, i created a function where I read the same content from a certificate file, not from a keystore. I'm doing something like this:

public X509Certificate getCertificate() {
try {

InputStream inStream = new FileInputStream("config/myCertificate.cer");
CertificateFactory cf = CertificateFactory.getInstance("X.509");

X509Certificate cert = (X509Certificate) cf.generateCertificate(inStream);
return cert;
} catch (Exception e) {
throw new RuntimeException(e);

When I use the next two lines:

X509Certificate cer = cl.getCertificate();
String sig = new String(cer.getSignature());

I get the complete signature of the certificate, which doesn't happen when using the original code on the old project in my machine. As you can see, on my method, I read a .cer file, not a .jks file. My question is:

Is there any way i can use the certificate i'm getting with this function to be able to visit the ssl site instead of using the original code? (the one using the property)?

Any advice would be appreciated.

Thanks a lot in advance :-D
Tushar Kapila
Ranch Hand
Posts: 35
Chrome Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
maybe you can use http client instead of URL to make connections and read server pages/ objects
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!