Java - Resolve "keytool error: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big"

by
Jeremy Canfield |
Updated: December 07 2022
| Java articles
Let's say something like this is being returned when using the Java keytool command.
keytool error: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
This can occur when the keystore or truststore is in the JKS format and you used the -storetype pkcs12 option.
~]# keytool -keystore /path/to/keystore -import -file my.cer -alias my-cert -storetype pkcs12
keytool error: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
The keytool command with the -list flag can be used to determine if the keystore or truststore is in the JKS or PKCS12 format.
]$ keytool -keystore cacerts.CHG00063063 -list
Enter keystore password:
Keystore type: jks
This error may also be returned by a Java application that is attempting to make a secured connection to a system. For example, once I had this issue when I mistakenly had eclipse-workspaces (notice the extra "s") instead of eclipse-workspace.
System.setProperty("javax.net.ssl.trustStore", "C:\\Users\\john.doe\\eclipse-workspaces\\cacerts");
Did you find this article helpful?
If so, consider buying me a coffee over at