Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsWhite Papers
Discussion GroupsFirst AidDatabasesJavaBeansGUIJava 3DVirtual MachineCORBASecurityToolsGeneral
Java DirectoryOpen Source ProjectsSample Book ChaptersUser GroupsWeb Resources
Related Topics
Databases.NETMore Topics ...
Java Forum / Security / January 2004

Tip: Looking for answers? Try searching our database.

CertificateException DerInputStream.getLength lengthTag=127 too big

Thread view: 
Enable EMail AlertsStart New Thread
Yashwant - 14 Jan 2004 04:32 GMT
Hi All,

I am getting a valid PEM encoded cert issued by a CA and then use IE
Xenroll to install it into the browser. All these work well.
Now in between, I try to get the serial number out of the cert which
is where it fails.

1. I first convert the PEM encoded String to a byte array and then PEM
decode the byte array. Then I pass this byte array to X509Certificate
getInstance method which throws the Certificate exception saying
DerInputStream.getLength lengthTag=127 too big
Has anybody faced this problem?

2. I am pretty sure the PEM encoded certificate is alright because I
can install it on the browser after wrapping it with BEGIN CERTIFICATE
and END CERTIFICATE. Is there any other way I can programmatically get
the certificate serial number from teh PEM encoded Certificate String.

Thanks in advance for your help.
-Yash
Reply to this Message
Hans Granqvist - 14 Jan 2004 22:35 GMT
> 1. I first convert the PEM encoded String to a byte array and then PEM
> decode the byte array. Then I pass this byte array to X509Certificate
> getInstance method which throws the Certificate exception saying
> DerInputStream.getLength lengthTag=127 too big
> Has anybody faced this problem?

Seems you're using an old javax.security.cert.Certificate class. Use
java.security.cert.CertifcateFactory instead and see if you get the
same error.

-Hans
Reply to this Message
Yashwant - 15 Jan 2004 17:24 GMT
Thanks, Hans.
I suspect that the certificate is in base64 CMC encoded certificate.
None of the OpenSSL utilites was able to parse this certificate as it
seems to be a propriety Microsoft format. Do you have any idea if
there are any tools or utilites which can be used to programmatically
extract the serial number from such certificates.?

> > 1. I first convert the PEM encoded String to a byte array and then PEM
> > decode the byte array. Then I pass this byte array to X509Certificate
[quoted text clipped - 7 lines]
>
> -Hans
Reply to this Message


Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.