Troubleshooting
Problem
Run the keytool command to list the certificate -
>>keytool -printcert -file sample.cer
>>keytool -printcert -file sample.cer
This returns the error as shown here.
keytool error: java.lang.Exception: Failed to parse input
keytool error: java.lang.Exception: Failed to parse input
Symptom
keytool error: java.lang.Exception: Failed to parse input
Cause
The PEM format certificate does not comply with RFC 7468.
Specifically, RFC 7468 states that there should be no spaces after the "----BEGIN CERTIFICATE---" header and "---END CERTIFICATE----" footer. A compliance check for this was added to SDK for Java 8 in Java 8 SR6 FP25 (and later).
Specifically, RFC 7468 states that there should be no spaces after the "----BEGIN CERTIFICATE---" header and "---END CERTIFICATE----" footer. A compliance check for this was added to SDK for Java 8 in Java 8 SR6 FP25 (and later).
Environment
AIX, Linux, Windows, and z/OS.
Resolving The Problem
This problem can be resolved either by converting the PEM certificate to DER format or by editing the PEM format certificate to remove the spaces.
Here is the command example to convert the certificate from PEM to DER.
openssl x509 -outform der -in sample.cer -out CERTIFICATE.der
openssl x509 -outform der -in sample.cer -out CERTIFICATE.der
Run the keytool command on the generated CERTIFICATE.der as shown in the example here. The parse error does not occur now.
>> keytool -J-showversion -printcert -file CERTIFICATE.der
>> keytool -J-showversion -printcert -file CERTIFICATE.der
java version "1.8.0_281"
Java(TM) SE Runtime Environment (build 8.0.6.25 - pwa6480sr6fp25-20210115_01(SR6 FP25))
IBM J9 VM (build 2.9, JRE 1.8.0 Windows Server version 2009 amd64-64-Bit Compressed References 20201218_462060 (JIT enabled, AOT enabled)
OpenJ9 - 4c03b71
OMR - 86a8e1a
IBM - 8c30c56)
JCL - 20210108_01 based on Oracle jdk8u281-b09
(the rest of the output is the contents of this certificate, finished successfully with no errors)
Java(TM) SE Runtime Environment (build 8.0.6.25 - pwa6480sr6fp25-20210115_01(SR6 FP25))
IBM J9 VM (build 2.9, JRE 1.8.0 Windows Server version 2009 amd64-64-Bit Compressed References 20201218_462060 (JIT enabled, AOT enabled)
OpenJ9 - 4c03b71
OMR - 86a8e1a
IBM - 8c30c56)
JCL - 20210108_01 based on Oracle jdk8u281-b09
(the rest of the output is the contents of this certificate, finished successfully with no errors)
Related Information
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB36","label":"IBM Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
More support for:
Runtimes for Java Technology
Software version:
All Versions
Document number:
7047213
Modified date:
22 November 2023
UID
ibm17047213
Manage My Notification Subscriptions