JCP cannot start after upgrade to 12.2.5+ / 12.3.3+ "DerInputStream.getLength"
search cancel

JCP cannot start after upgrade to 12.2.5+ / 12.3.3+ "DerInputStream.getLength"


Article ID: 203758


Updated On:


CA Automic Workload Automation - Automation Engine


The process JCP stops after starting with a ssl JKS certificate since version 12.2.5+ or12.3.3+

The errors in JCP log are:

U00045014 Exception ' "DerInputStream.getLength(): lengthTag=109, too big."' at ''.
U00003620 Routine '' forces trace because of error.



Release : 12.2 / 12.3


Subcomponent: JCP with sslEnabled=1


Correction added in 12.2.5+ / 12.3.3+ that needed a Jetty upgrade introduced this new prerequisite (JKS keystore no longer accepted).

12.2.4 and inferior:
Jetty: jetty-9.4.8.v20171121

12.2.5 and superior:
Jetty: jetty-9.4.14.v20181114


This is bug until to version 12.3.4

Workaround :

Since 12.2.5+ and 12.3.4, jetty can only run with a PKCS12 (.p12) keystore no longer with a JKS as before.

If a JKS keystore is actually used it must be converted to PKCS12 format, for example with the following keytool instruction:

keytool -importkeystore -srckeystore [MY_KEYSTORE.jks] -destkeystore [MY_FILE.p12] -srcstoretype JKS -deststoretype PKCS12 -deststorepass [PASSWORD_PKCS12]

Then modify the ini file to use that .p12 and JCP will start correctly.


This bug is however corrected in since version 12.3.5 of AWI: The JCP must be able to accept keystore either in JKS or in PKCS 12 format (see additional information for more details about the correction that was introduced).


Additional Information

Technical Resolution: 

A problem has been fixed where the REST API server process failed to start with the configuration sslEnabled=1 and a keystore in JKS format.
The REST API stopped with a log message " "DerInputStream.getLength(): lengthTag=109, too big."