Algorithm not supported with Java WS Core 4.0.8

Tags: x509certificate, globus-toolkit

I'm trying to start the Java WS Core container version 4.0.8 from the Globus Toolkit. Before I can start the container, I need to create a grid proxy using grid-proxy-init. I am using my CERN certificate for this purpose. I have also downloaded the CERN Root CA and the CERN Trusted Certificate Authority certificates and configured globus to trust them. However, when I do grid-proxy-init, I get the following error:

    Files used:
      proxy     : /tmp/x509up_u501
      user key  : ~/.globus/userkey.pem
      user cert : ~/.globus/usercert.pem
    Your identity: (correct identity)
    Error: Wrong pass phrase Algorithm not supported.
        at org.globus.gsi.OpenSSLKey.readPEM(
        at org.globus.gsi.OpenSSLKey.<init>(
        at org.globus.gsi.bc.BouncyCastleOpenSSLKey.<init>(
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(
        at java.lang.reflect.Method.invoke(
        at org.globus.bootstrap.BootstrapBase.launch(
        at org.globus.bootstrap.Bootstrap.main(

Please note that my CA certificates are in a non-standard location (~/.globus/certificates). I've tried using X509_CERT_DIR=~/.globus/certificates, but to no avail. Also, grid-proxy-init doesn't actually ask me for a passphrase. It just gives that error. I have no idea how to debug this further. I would appreciate any ideas about how to proceed. Also, I would like to verify that globus is indeed recognising my CA certificates without any problems. Thanks!


  • Ok so I figured out what the problem was. I was converting the certificate to PEM from PKCS using:

    openssl pkcs12 -in cert.p12 -out usercert.pem -nokeys
    openssl pkcs12 -in cert.p12 -out userkey.pem -nocerts -nodes

    Apparently this only extracts the private key from the certificate file but does not actually convert it to PEM format. For that I had to use the following command:

    openssl pkcs12 -in cert.p12 -nocerts -nodes | openssl rsa -out userkey.pem -des3

    This outputs the private key in the required format and grid-proxy-init works fine now.
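
A way to compare `userkey.pem` before and after the `openssl rsa` step in the answer above, added here as an example and not part of the original posts: the function reports which PEM private-key header the file carries (PKCS#8 `BEGIN PRIVATE KEY` versus traditional `BEGIN RSA PRIVATE KEY`) and whether it is passphrase-protected. That the error tracks this header is an assumption, since the post does not show the file contents; the function name `pem_key_format` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the private-key block of a PEM file by its header.
# Only header lines are inspected; key material is never printed.
pem_key_format() {
    f=$1
    [ -r "$f" ] || { echo "unreadable"; return 2; }
    # pkcs12 output can place "Bag Attributes" lines before the key block,
    # so search for the first BEGIN line instead of reading line 1.
    hdr=$(grep -m1 -e '^-----BEGIN .*PRIVATE KEY-----' "$f" | tr -d '\r')
    case $hdr in
        '-----BEGIN RSA PRIVATE KEY-----')
            # Traditional format flags encryption in a Proc-Type header.
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then
                echo "traditional-rsa-encrypted"
            else
                echo "traditional-rsa"
            fi ;;
        '-----BEGIN PRIVATE KEY-----')           echo "pkcs8" ;;
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo "pkcs8-encrypted" ;;
        '')                                      echo "no-private-key" ;;
        *)                                       echo "other" ;;
    esac
}

# Constructed sample: header lines only, the body is not a real key.
tmp=$(mktemp)
printf '%s\n' 'Bag Attributes' '    friendlyName: constructed' \
    '-----BEGIN PRIVATE KEY-----' 'AAAA' '-----END PRIVATE KEY-----' > "$tmp"
echo "sample file: $(pem_key_format "$tmp")"
rm -f "$tmp"
```

An unencrypted result (`pkcs8` or `traditional-rsa`) also means the key sits on disk without a passphrase, which is worth checking for any file produced with `-nodes`.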