Skip to main content
Question

Any idea on the solution to this pfx certificate importing into keystore error. keytool error: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.

  • February 1, 2021
  • 7 replies
  • 1398 views

billybob
Contributor
Forum|alt.badge.img+6

I'm configuring fme (fme server 2019.1.3.1) to use https. When I try importing a pfx wildcard certificate into the tomcat.keystore and I'm get the following error:

Importing keystore C:\\certificates\\xxxxxxx.xxx.pfx to tomcat.keystore...

keytool error: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.

 

Any thoughts on what the error might be and how to fix it?

 

Thanks!

 

 

7 replies

warrendev
Enthusiast
Forum|alt.badge.img+23
  • Enthusiast
  • February 1, 2021

@billybob​ , 

Are you running this command when you receive that error? 

keytool -importkeystore -srckeystore <certpath>\<certificate_name>.pfx -srcstoretype pkcs12 -destkeystore tomcat.keystore -deststoretype jks

 I've found this article going over that error. Maybe this can help.

 

 

 


billybob
Contributor
Forum|alt.badge.img+6
  • Author
  • Contributor
  • February 1, 2021

This is the command: >keytool -importkeystore -srckeystore <certpath>\\<certificate_name>.pfx -srcstoretype pkcs12 -destkeystore tomcat.keystore -deststoretype pkcs12 The command you have shows "-deststoretype jks" as the last option. Is that the issue?


warrendev
Enthusiast
Forum|alt.badge.img+23
  • Enthusiast
  • February 1, 2021
billybob wrote:

This is the command: >keytool -importkeystore -srckeystore <certpath>\\<certificate_name>.pfx -srcstoretype pkcs12 -destkeystore tomcat.keystore -deststoretype pkcs12 The command you have shows "-deststoretype jks" as the last option. Is that the issue?

I know you can set it to either of those, but the "jks" worked for me. I'm not really sure if that will fix it on your end.

 

https://community.safe.com/s/article/fme-server-and-httpsssl-pfx-certificate

 


billybob
Contributor
Forum|alt.badge.img+6
  • Author
  • Contributor
  • February 1, 2021

Great! I'll give that a try. Thanks for the article pointer. That helps confirm that I'm using the latest configuration instructions.


billybob
Contributor
Forum|alt.badge.img+6
  • Author
  • Contributor
  • February 1, 2021

Thanks. That worked for me. After making the required configuration changes to the various tomcat files, I can't seem to access https://localhost.. Any thoughts on that issue?

 


Forum|alt.badge.img+2
billybob wrote:

Thanks. That worked for me. After making the required configuration changes to the various tomcat files, I can't seem to access https://localhost.. Any thoughts on that issue?

 

Hi @billybob​ ,

Please can you review the log files located in <FMEServerFileShare>/Resources/Logs/tomcat. In particular look in the catalina.log for SEVERE messages, this should tell us what is going on.


billybob
Contributor
Forum|alt.badge.img+6
  • Author
  • Contributor
  • February 1, 2021

Hi @hollyatsafe,

I was able to figure out the issue. Some how the tomcat.keystore was corrupted. I simply remove the keystore, recreated it by importing the certificate again, and verified the changes to the xml files. That worked, and I'm able to access https://localhost now. Thank you the response. Reviewing the logs if I have any other is should come in handy.

 

Thanks again!


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings