Using a PKCS12 certificate file generated by a newer version of Java (12.x.x or later) will throw an error in Java versions below 8u301 or 11.0.1 due to the new PBES2 cipher not being supported.

java.io.IOException: parseAlgParameters failed: ObjectIdentifier() -- data isn't an object ID (tag = 48)
	at sun.security.pkcs12.PKCS12KeyStore.parseAlgParameters(Unknown Source)
	at sun.security.pkcs12.PKCS12KeyStore.engineLoad(Unknown Source)
	at java.security.KeyStore.load(Unknown Source)
	at org.glassfish.grizzly.ssl.SSLContextConfigurator.loadBytes(SSLContextConfigurator.java:572)
	at org.glassfish.grizzly.ssl.SSLContextConfigurator.createSSLContext(SSLContextConfigurator.java:419)

See https://bugs.openjdk.org/browse/JDK-8228481 for more details.

 

How to Fix

To resolve this error you can do one of the following:

  • Update to a newer version of Java that supports the new PBES2 cipher
  • Use “legacy” options when generating your certificate (if cert tool supports it). For example if using OpenSSL 3.0.x to create your certificate add the “-legacy” argument.