keytool error: java.io.IOException: toDerInputStream rejects tag type 45 [duplicate]

Question

I got this error when my server try to push a notification to a specific device based on device token and ck.pem (combination between .pem file, cert and key).

Caused by: java.io.IOException: toDerInputStream rejects tag type 45

This is full error message appear in my eclipse console.

initial
starting push notification sending
2014/03/20 14:28:00:252 INFO  net.penril.notification.Initializer: ====Start Push Notification Sending==== 
SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
2014/03/20 14:28:04:737 INFO  net.penril.notification.Initializer: Total of record data(1)
SMS OID: 465
IOS test
reg id =x769571d187c15cec398c5a02f196249456e8b73f763754fa17060658f87f6f6
com.notnoop.exceptions.InvalidSSLConfig: java.io.IOException: toDerInputStream rejects tag type 45
2014/03/20 14:28:05:374 INFO  net.penril.notification.Initializer: Failed send notification to APN 
2014/03/20 14:28:05:374 INFO  net.penril.notification.Initializer: ====Complete Push Notification Sending==== 
2014/03/20 14:28:05:374 INFO  net.penril.notification.Initializer: =====End===== 

starting..
    at com.notnoop.apns.internal.Utilities.newSSLContext(Utilities.java:101)
    at com.notnoop.apns.ApnsServiceBuilder.withCert(ApnsServiceBuilder.java:170)
    at com.notnoop.apns.ApnsServiceBuilder.withCert(ApnsServiceBuilder.java:133)
    at net.penril.notification.Initializer.notificationWorker(Initializer.java:156)
    at net.penril.notification.Initializer.Initial(Initializer.java:46)
    at net.penril.notification.PushNotificationCron$Job.run(PushNotificationCron.java:12)
    at EDU.oswego.cs.dl.util.concurrent.ClockDaemon$RunLoop.run(Unknown Source)
    at java.lang.Thread.run(Thread.java:724)
Caused by: java.io.IOException: toDerInputStream rejects tag type 45
    at sun.security.util.DerValue.toDerInputStream(DerValue.java:847)
    at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1221)
    at java.security.KeyStore.load(KeyStore.java:1214)
    at com.notnoop.apns.internal.Utilities.newSSLContext(Utilities.java:85)
    ... 7 more

I suspect this error cause by this code

System.out.println("reg id =" + record.getRegId());
ApnsService service = APNS.newService().withCert("/Applications/MAMP/htdocs/xxxxx-mobile/ck.pem", "xxxxxx").withSandboxDestination().build();
String payload = APNS.newPayload().alertBody("This for testing").build();
String token = record.getRegId();
service.push(token, payload);

Do you have any idea about this toDerInputStream rejects tag type 45 ?

I already doing my research about this problem here:

1. https://community.oracle.com/thread/1534340?start=0&tstart=0
2. Java APNS (Apple Push Notification Service) error

Why?

Answer 1

As stated here java-apns is expecting the .p12 private key, not the .pem file.

The instructions for creating a .p12 file on a mac are in the first link, but if you're using the openssl tool on linux you can create it with:

openssl pkcs12 -export -inkey mykey.key -in mykey.pem -out mykey.p12

Answer 2

I just found the answer. When I try to generate a P12 key, I need to select both, a private key and certificate in keychain access.