PKCS12 Using “PBES2” Cipher not Support by Java Versions Below 8u301 or 11.0.1

Using a PKCS12 certificate file generated by a newer version of Java (12.x.x or later) will throw an error in Java versions below 8u301 or 11.0.1 due to the new PBES2 cipher not being supported.

java.io.IOException: parseAlgParameters failed: ObjectIdentifier() -- data isn't an object ID (tag = 48)
	at sun.security.pkcs12.PKCS12KeyStore.parseAlgParameters(Unknown Source)
	at sun.security.pkcs12.PKCS12KeyStore.engineLoad(Unknown Source)
	at java.security.KeyStore.load(Unknown Source)
	at org.glassfish.grizzly.ssl.SSLContextConfigurator.loadBytes(SSLContextConfigurator.java:572)
	at org.glassfish.grizzly.ssl.SSLContextConfigurator.createSSLContext(SSLContextConfigurator.java:419)

See https://bugs.openjdk.org/browse/JDK-8228481 for more details.

How to Fix

To resolve this error you can do one of the following:

Update to a newer version of Java that supports the new PBES2 cipher
Use “legacy” options when generating your certificate (if cert tool supports it). For example if using OpenSSL 3.0.x to create your certificate add the “-legacy” argument.

How to Fix

See our PDF technology in action!

Privacy Policy

Links to Qoppa’s Main Website

Contact Support

Follow Us

How to Fix

Related Articles

“Unable to acquire access token” error when using Microsoft OAuth

Video: Introduction to PDF Automation Server

How to check that a PDF document is linearized or formatted for fast web view

Is Qoppa PDF SDK thread safe and is it multi-threaded?

How to Convert PDF Portfolio to Images

Leave feedback or review for Qoppa’s products

See our PDF technology in action!

Privacy Policy

Links to Qoppa’s Main Website

Contact Support

Follow Us