CertificateException - OpenSSLX509CertificateFactory$ParsingException

Question

I have the following code in my android project where i am connecting to secured server. I am getting the parse error. [pasted below] .if anyone knows about this exception, please let me know. Thanks in advance.

Code Snippet

CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream caInput = new BufferedInputStream(new FileInputStream("/storage/emulated/0/cert.p12"));
Certificate ca;
try {
    ca = cf.generateCertificate(caInput);   // error at this line
    System.out.println("ca=" + ((X509Certificate) ca).getSubjectDN());
} finally {
    caInput.close();
}

Error

01-15 17:01:00.107: W/System.err(14932): java.security.cert.CertificateException:   com.android.org.conscrypt.OpenSSLX509CertificateFactory$ParsingException: com.android.org.conscrypt.OpenSSLX509CertificateFactory$ParsingException: java.lang.RuntimeException: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
01-15 17:01:00.107: W/System.err(14932):    at   com.android.org.conscrypt.OpenSSLX509CertificateFactory.engineGenerateCertificate(OpenSSLX509CertificateFactory.java:272)

01-15 17:01:00.107: W/System.err(14932): at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:195)

Try the BouncyCastle provider (i.e, `getInstance("X.509", "BC");` Also ensure your version of Android is not too old. See, for example, [Android fails converting p12 file's certificates to x509; converts properly using java](https://groups.google.com/forum/#!topic/android-developers/HCiHwBKOsrI). — jww, Jan 17 '14 at 15:49
@noloader, your comment is worthy of an answer. I did exactly that (Adding the BC provider) and it worked. You should add it as an answer to help others. — fernandohur, Feb 19 '14 at 00:13
1. Seems to a wrong file format. For openssl threre is DER and PEM type. Try to convert your cert.p12 to another format ($ x509 -in cert.p12 -inform PEM –out output.crt -outform DER). — Alex Bezuglyi, Jul 25 '15 at 14:30

Josh · Answer 1 · 2019-01-14T09:03:19.793

15

I found the solution to this same problem. Include the "BC" provider to this line of code, and the error could disappear: getInstance("X.509", "BC")

edited Jan 14 '19 at 09:03

answered Dec 30 '15 at 16:48

Josh

6,251
2
46
73

@ Josh how we can add this – Amitsharma Aug 22 '19 at 13:21
Hi @Amitsharma , that code is for the TrustManager instance. You can find some ideas, in the answer I posted for this: https://stackoverflow.com/questions/859111/how-can-i-use-different-certificates-on-specific-connections/34533740#34533740 – Josh Aug 26 '19 at 08:17
After doing this X.509 not found – Samriddha Bajpai Jun 26 '23 at 10:30

CertificateException - OpenSSLX509CertificateFactory$ParsingException

1 Answers1