Caused by: java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 48)

Question

' server.ssl.key-store = src/main/resources/laitadmin.p12 server.ssl.key-alias= 1 server.ssl.keyStoreType= PKCS12'

'   at sun.security.util.ObjectIdentifier.<init>(ObjectIdentifier.java:257) ~[na:1.8.0_251]'

Hello and welcome to StackOverflow. Please take some time to read the help page, especially the sections named ["What topics can I ask about here?"](http://stackoverflow.com/help/on-topic) and ["What types of questions should I avoid asking?"](http://stackoverflow.com/help/dont-ask). And more importantly, please read [the Stack Overflow question checklist](http://meta.stackexchange.com/q/156810/204922). You might also want to learn about [Minimal, Complete, and Verifiable Examples](http://stackoverflow.com/help/mcve). — dpr, Jan 04 '22 at 08:48
Your keystore is either corrupt or uses an algorithm that Java does not support. Please post the steps you used to generate the keystore, your Java version(s), and the output of `keytool -list -v laitadmin.p12`. — Christopher Schultz, Jan 04 '22 at 20:33
Dupe: see multiple links at https://stackoverflow.com/questions/70244066/keytool-error-java-io-ioexception-parsealgparameters-failed-objectidentifier — dave_thompson_085, Jan 23 '22 at 19:25

score 6 · Answer 1 · edited Aug 17 '23 at 10:10

6

AES encryption in pkcs12 is not supported in java up to java 11. This is a known issue. Reference - https://bugs.openjdk.java.net/browse/JDK-8220734

edited Aug 17 '23 at 10:10

MiguelSlv

14,067
15
102
169

answered Jan 23 '22 at 16:48

Vignesh Varadharajan

112
5

Also fixed in 8u301 (and 7u311 for paid support), see #8214513 (linked from page you link) also #8202837 – dave_thompson_085 Jan 23 '22 at 19:25

score 1 · Answer 2 · answered Apr 26 '23 at 14:44

This is due to openssl3 PKCS12 using PBES2 cipher which is unsupported in java 8 (at least under 8u301).

Simply install openssl1.1 and use that instead to generate p12 file.

For example in macos,

brew install openssl@1.1
/opt/homebrew/Cellar/openssl@1.1/1.1.1t/bin/openssl pkcs12 -inkey cert.pkey -in cert.pem -export -out cert.p12

score 0 · Answer 3 · answered Mar 24 '22 at 18:22

0

I had the same problem, I solved it by exporting again by MS Edge, but now using the TripleDES-SHA1 Cryptography option on Windows export certified wizard.

answered Mar 24 '22 at 18:22

Karpinski

118
4
10

Caused by: java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 48)

3 Answers3