Bugzilla – Full Text Bug Listing
|Summary:||cannot make the "ServiceInvocation " example work becese of authentication error:|
|Product:||Java WS Core||Reporter:||Luo Keyue <email@example.com>|
|Component:||globus_wsrf_core||Assignee:||Rachana Ananthakrishnan <firstname.lastname@example.org>|
I cannot make "ServiceInvocation " example work becese of authentication error: [Thread-0] ERROR wsif - WSIF0002E：failed to load WSDL from url ‘https://ibm.grid:8443/wsrf/services/CounterService?wsdl’ WSDLException: faultCode=OTHER_ERROR: Unable to resolve imported document at 'https://192.168.11.137:8443/share/schema/core/samples/counter/counter_bindings.wsdl'.: java.security.cert.CertificateException: No subject alternative names present: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187) ..................................... ....................... I use the CA bundled with the Globus-Tookit to generate container certificate, its DN is : O=Grid, OU=GlobusTest, OU=simpleCA-gaobb.lreis, CN=ibm.grid. ibm.grid is my host name(I set this in the NetWork Cofiguration of the Operating System and write it in to the /etc/hosts ) .I don't use the default name (O=Grid, OU=GlobusTest, OU=simpleCA-gaobb.lreis, CN=host/ibm.grid)generated by the simple CA because the java cog don't think the "host/ibm.grid" and "ibm.grid" refers to the same subject, and it cause errors. I use the browser(firefox) to type ‘https://ibm.grid:8443/wsrf/services/CounterService?wsdl',I can get the WSDL, but when I use ‘https://192.168.11.137:8443/wsrf/services/CounterService?wsdl',the browser will give a warning: You have attemped to establish a connection with "192.168.11.137". However,the security certificate presented belonged to"ibm.grid". It is possible,though unlikely, that some one may be trying to intercept your communication with this web site.... So it seems that the reason for my error is that the subject name in the certificate is "ibm .grid", but the java code use IP(the IP is retrived from the WSDL of the web serveice) to acess the Webservice. So it need a alternative name, But how can I add a alternative name into the certifacation with he Simple CA of GlobusToolkit? Besides adding a alternative name into my certificate, are there other ways to solve this problem? How to make java cog recognize the name and IP at the same time?
By the way, I can get the JobSubmission example done. And I'm using GlobusToolkit4.0.2
This is an issue with configuration/certificate and has already been posted on the mailing list: http://www.globus.org/mail_archive/gt-user/2008/07/msg00269.html. Please follow up there.