Bug 6268

Summary: cannot make the "ServiceInvocation" example work because of authentication error:
Product: Java WS Core
Reporter: Luo Keyue <lorkyo@163.com>
Component: globus_wsrf_core
Assignee: Rachana Ananthakrishnan <ranantha@mcs.anl.gov>
Status: RESOLVED INVALID
Severity: normal
CC: jwscore-dev@globus.org
Priority: P3
Version: 4.0.2
Target Milestone: ---
Hardware: PC
OS: Linux

Description From 2008-07-29 02:01:46
I cannot make the "ServiceInvocation" example work because of an authentication
error:

[Thread-0] ERROR wsif  - WSIF0002E:failed to  load WSDL from url
‘https://ibm.grid:8443/wsrf/services/CounterService?wsdl’
WSDLException: faultCode=OTHER_ERROR: Unable to resolve imported document at
'https://192.168.11.137:8443/share/schema/core/samples/counter/counter_bindings.wsdl'.:
java.security.cert.CertificateException: No subject alternative names present:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException:
No subject alternative names present
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
.....................................
.......................
I use the CA bundled with the Globus Toolkit to generate the container certificate;
its DN is: O=Grid, OU=GlobusTest, OU=simpleCA-gaobb.lreis, CN=ibm.grid.
ibm.grid is my host name (I set this in the Network Configuration of the
Operating System and wrote it into /etc/hosts). I don't use the default
name (O=Grid, OU=GlobusTest, OU=simpleCA-gaobb.lreis,
CN=host/ibm.grid) generated by the Simple CA because the Java CoG doesn't think
that "host/ibm.grid" and "ibm.grid" refer to the same subject, and it causes
errors. When I use the browser (Firefox) to open
'https://ibm.grid:8443/wsrf/services/CounterService?wsdl', I can get the WSDL,
but when I use
'https://192.168.11.137:8443/wsrf/services/CounterService?wsdl', the browser
gives a warning:
You have attempted to establish a connection with "192.168.11.137". However, the
security certificate presented belonged to "ibm.grid". It is possible, though
unlikely, that someone may be trying to intercept your communication with this
web site....

So it seems that the reason for my error is that the subject name in the
certificate is "ibm.grid", but the Java code uses the IP (the IP is retrieved from
the WSDL of the web service) to access the web service. So it needs an alternative
name. But how can I add an alternative name to the certificate with the
Simple CA of the Globus Toolkit? Besides adding an alternative name to my
certificate, are there other ways to solve this problem? How can I make the Java CoG
recognize the name and the IP at the same time?
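
An added example, not part of the original report and not Globus or JDK code: a simplified Java model of the RFC 2818 name check behind the error above, showing why a certificate with only CN=ibm.grid is accepted for the host name but rejected for the IP address taken from the WSDL import. The class SanCheck, its check method and the SAN entries of the reissued certificate are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;

// Added illustration: simplified model of RFC 2818 server-identity matching.
// Wildcards and IPv6 address normalisation are deliberately left out.
public class SanCheck {
    static final int DNS_NAME = 2, IP_ADDRESS = 7; // GeneralName type tags

    // 'sans' has the shape returned by X509Certificate.getSubjectAlternativeNames():
    // each entry is [Integer type, String value]; null means no SAN extension.
    static String check(String host, Collection<List<?>> sans, String cn) {
        boolean isIpLiteral = host.matches("[0-9.]+") || host.contains(":");
        if (isIpLiteral) {
            // An IP literal in the URL is only compared with iPAddress entries.
            if (sans == null) return "FAIL: no subject alternative names present";
            for (List<?> e : sans)
                if ((Integer) e.get(0) == IP_ADDRESS && host.equals(e.get(1)))
                    return "OK: iPAddress SAN";
            return "FAIL: no iPAddress SAN matches " + host;
        }
        boolean sawDnsName = false;
        if (sans != null)
            for (List<?> e : sans)
                if ((Integer) e.get(0) == DNS_NAME) {
                    sawDnsName = true;
                    if (host.equalsIgnoreCase((String) e.get(1))) return "OK: dNSName SAN";
                }
        // The subject CN is consulted only when the certificate has no dNSName entry.
        if (sawDnsName) return "FAIL: no dNSName SAN matches " + host;
        return host.equalsIgnoreCase(cn) ? "OK: CN fallback" : "FAIL: CN does not match " + host;
    }

    public static void main(String[] args) {
        // Constructed inputs: the certificate from the report (CN=ibm.grid, no SAN)
        // and a hypothetical reissued one carrying both names.
        Collection<List<?>> reissued = new ArrayList<>();
        reissued.add(Arrays.asList(DNS_NAME, "ibm.grid"));
        reissued.add(Arrays.asList(IP_ADDRESS, "192.168.11.137"));
        for (String host : new String[] {"ibm.grid", "192.168.11.137"}) {
            System.out.println(host + " vs CN-only cert: " + check(host, null, "ibm.grid"));
            System.out.println(host + " vs reissued cert: " + check(host, reissued, "ibm.grid"));
        }
    }
}
```

To inspect a real certificate the same way, pass the result of getSubjectAlternativeNames() and the subject CN to check; a null result corresponds to the "No subject alternative names present" case in the stack trace.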
------- Comment #1 From 2008-07-29 02:22:51 -------
By the way, I can get the JobSubmission example done. And I'm using
Globus Toolkit 4.0.2.
------- Comment #2 From 2008-07-30 10:24:57 -------
This is an issue with configuration/certificate and has already been posted on
the mailing list:
http://www.globus.org/mail_archive/gt-user/2008/07/msg00269.html. Please follow
up there.