This can occur when the keystore or truststore is in the
JKS format
and you used the
-storetype pkcs12
option.
~]# keytool -keystore /path/to/keystore -import -file my.cer -alias my-cert -storetype pkcs12
keytool error: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
The
keytool command with the -list flag
can be used to determine if the keystore or truststore is in the JKS or PKCS12 format.
]$ keytool -keystore cacerts.CHG00063063 -list
Enter keystore password:
Keystore type: jks
This error may also be returned by a Java application that is attempting to make a secured connection to a system. For example, once I had this issue when I mistakenly had eclipse-workspaces (notice the extra "s") instead of eclipse-workspace.
System.setProperty("javax.net.ssl.trustStore", "C:\\Users\\john.doe\\eclipse-workspaces\\cacerts");