java.security.InvalidKeyException: Algorithm not supported with Java WS Core 4.0.8

StackOverflow https://stackoverflow.com/questions/17879760

  •  04-06-2022
  •  | 
  •  

Pergunta

I'm trying to start the Java WS Core container version 4.0.8 from the Globus Tooklit. Before I can start the container, I need to create a grid proxy using grid-proxy-init. I am using my CERN certificate for this purpose. I have also downloaded the CERN Root CA and the CERN Trusted Certificate Authority certificates and configured globus to trust them. However, when I do grid-proxy-init, I get the following error:

Files used: 
  proxy     : /tmp/x509up_u501
  user key  : ~/.globus/userkey.pem
  user cert : ~/.globus/usercert.pem
Your identity: (correct identity)
Error: Wrong pass phrase
java.security.InvalidKeyException: Algorithm not supported.
    at org.globus.gsi.OpenSSLKey.readPEM(OpenSSLKey.java:169)
    at org.globus.gsi.OpenSSLKey.<init>(OpenSSLKey.java:105)
    at org.globus.gsi.bc.BouncyCastleOpenSSLKey.<init>(BouncyCastleOpenSSLKey.java:45)
    at org.globus.tools.DefaultProxyInit.loadKey(ProxyInit.java:608)
    at org.globus.tools.ProxyInit.createProxy(ProxyInit.java:204)
    at org.globus.tools.ProxyInit.main(ProxyInit.java:518)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:601)
    at org.globus.bootstrap.BootstrapBase.launch(BootstrapBase.java:95)
    at org.globus.bootstrap.Bootstrap.main(Bootstrap.java:37)

Please note that my CA certificates are in a non-standard location (~/.globus/certificates). I've tried using X509_CERT_DIR=~/.globus/certificates, but to no avail. Also, grid-proxy-init doesn't actually ask me for a passphrase. It just gives that error. I have no idea how to debug this further. I would appreciate any ideas about how to procee. Also, I would like to verify that globus is indeed recognising my CA certificates without any problems. Thanks!

Foi útil?

Solução

Ok so I figured out what the problem was. I was converting the certificate to PEM from PKCS using:

openssl pkcs12 -in cert.p12 -out usercert.pem -nokeys
openssl pkcs12 -in cert.p12 -out userkey.pem -nocerts -nodes

Apparently this only extracts the private key from the certificate file but does not actually convert it to PEM format. For that I had to use the following command:

openssl pkcs12 -in cert.p12 -nocerts -nodes|openssl rsa -out userkey.pem -des3

This outputs the private key in the required format and grid-proxy-init works fine now.

Licenciado em: CC-BY-SA com atribuição
Não afiliado a StackOverflow
scroll top