Using a PKCS12 certificate file generated by a newer version of Java (12.x.x or later) will throw an error in Java versions below 8u301 or 11.0.1 due to the new PBES2 cipher not being supported. parseAlgParameters failed: ObjectIdentifier() -- data isn't an object ID (tag = 48)
	at Source)
	at Source)
	at Source)
	at org.glassfish.grizzly.ssl.SSLContextConfigurator.loadBytes(
	at org.glassfish.grizzly.ssl.SSLContextConfigurator.createSSLContext(

See for more details.


How to Fix

To resolve this error you can do one of the following:

  • Update to a newer version of Java that supports the new PBES2 cipher
  • Use “legacy” options when generating your certificate (if cert tool supports it). For example if using OpenSSL 3.0.x to create your certificate add the “-legacy” argument.