Error: CertificateDecodeException: java.io.IOException: Unrecognized OID for key1.2.840.10045.2.1

Question

I have recently moved to edtFTPj/pro after using the free version for a long time - our network is deprecating vanilla FTP in favor of FTPS.

I have successfully used the library with an FTPS server using a self-signed certificate, but am having problems connecting to a site with a real, from-DigiCert certificate.

The code craps out when loading an ostensibly good PEM file - /etc/pki/tls/cert.pem, supplied with CentOS 7.  I can connect to the site using curl, which uses other certificate store files from /etc/pki.

com.enterprisedt.net.puretls.cert.CertificateDecodeException: java.io.IOException: Unrecognized OID for key1.2.840.10045.2.1

com.enterprisedt.net.puretls.cert.X509Cert.<init>(X509Cert.java:271)

com.enterprisedt.net.ftp.ssl.SSLFTPCertificateStore.importPEMFile(SSLFTPCertificateStore.java:188)

com.enterprisedt.net.ftp.ssl.SSLFTPCertificateStore.importPEMFile(SSLFTPCertificateStore.java:155)

com.enterprisedt.net.ftp.ssl.SSLFTPCertificateStore.importCertificates(SSLFTPCertificateStore.java:87)

com.enterprisedt.net.ftp.async.internal.SecureConnectionContext.loadSSLServerValidation(SecureConnectionContext.java:384)

com.enterprisedt.net.ftp.SecureFileTransferClient.loadSSLServerValidation(SecureFileTransferClient.java:664)

Ideas?

Comments

Please open a support ticket at the link below and send us your PEM file to try.
https://enterprisedt.atlassian.net/servicedesk/customer/portal/1

---

Uploaded to ESC-1003495.  Thanks!

Answer 1

A note to readers: we have made a patch that resolves this issue by ignoring ECC root certificates (which are rarely if ever required). It will be available in the next release of edtFTPj/PRO.