案例1:读取证书时格式转换不对
java.io.IOException:DerInputStream.getLength():lengthTag=66,toobig.
at sun.security.util.DerInputStream. getLength(DerInputStream.java:561)
| at sun.security.util.DerValue.init (DerValue.java:365)
| at sun.security.util.DerValue.<init>(DerValue.java:320)
| at sun.security.pkcs12 .PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1914)
| at java.security.KeyStore.load (KeyStore.java:1445)
PKCS#12 is encoded in DER format, and DER format is binary .
You are using a FileReader that is (from javadoc) Convenience class for writing character files.
which inherites from OutputStreamWriter
An OutputStreamWriter is a bridge from character streams to byte streams: Characters written to it are encoded into bytes using a specified charset.
Therefore,You have an encoding problem ,converting binary to char
The file you receive is not really in binary format. It could be in Base64。
In both cases, use a FileOutputStream.write or Files.write to store the file, and if your 'certificate' variable is a String, first convert it to binary。
案例2:没有指明storetype为pkcs12
在用keytool生成服务器端SSL证书后,启动springboot时,报错java.io.IOException:DerInputStream.getLength():lengthTag=111,toobig.使用以下命令:
keytool -genkey -alias tomcat -keypass 123456 -keyalg RSA -keysize 1024 -validity 3650 -keystore D:\keystore\keystore.p12 -storepass 123456
出错原因是:没有指明storetype为 pkcs12
补救方法:keytool -importkeystore -srckeystore D:\keystore\keystore.p12 -destkeystore D:\keystore\new\keystore.p12 -deststoretype pkcs12
将刚才生成的证书指定为pkcs12密钥库。
网友评论