Bug 6268 – cannot make the "ServiceInvocation " example work becese of authentication error:

Bug 6268 - cannot make the "ServiceInvocation " example work becese of authentication error:

Summary:

cannot make the "ServiceInvocation " example work becese of authentication e...

Status:	RESOLVED INVALID

Product:	Java WS Core
Component:	globus_wsrf_core
Version:	4.0.2
Platform:	PC Linux

Importance:	P3 normal
Target Milestone:	---
Assigned To:	Rachana Ananthakrishnan

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2008-07-29 02:01 by Luo Keyue
Modified:	2008-07-30 10:24 (History)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note

You need to log in before you can comment on or make changes to this bug.

Description From Luo Keyue 2008-07-29 02:01:46

I cannot make "ServiceInvocation " example work becese of authentication 
error:

[Thread-0] ERROR wsif  - WSIF0002E：failed to  load WSDL from url
‘https://ibm.grid:8443/wsrf/services/CounterService?wsdl’
WSDLException: faultCode=OTHER_ERROR: Unable to resolve imported document at
'https://192.168.11.137:8443/share/schema/core/samples/counter/counter_bindings.wsdl'.:
java.security.cert.CertificateException: No subject alternative names present:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException:
No subject alternative names present
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
.....................................
.......................
I use the CA bundled with the  Globus-Tookit to generate container certificate,
its DN is : O=Grid, OU=GlobusTest, OU=simpleCA-gaobb.lreis, CN=ibm.grid. 
ibm.grid  is my host name(I set this in the NetWork Cofiguration of the
Operating System and write it in to the /etc/hosts ) .I don't use the default
name (O=Grid, OU=GlobusTest, OU=simpleCA-gaobb.lreis,
CN=host/ibm.grid)generated by the simple CA because the java cog don't think
the "host/ibm.grid"  and "ibm.grid" refers to the same  subject, and it cause
errors.  I use the browser(firefox) to type
‘https://ibm.grid:8443/wsrf/services/CounterService?wsdl',I can get the WSDL,
but when I use
‘https://192.168.11.137:8443/wsrf/services/CounterService?wsdl',the browser
will give a warning:
You have attemped to establish a connection with "192.168.11.137". However,the
security certificate presented belonged to"ibm.grid". It is possible,though
unlikely, that some one may be trying to intercept your communication with this
web site.... 

So it seems that the  reason for my error is that the subject name in the
certificate is "ibm .grid", but the java code  use IP(the IP is retrived from
the WSDL of the web serveice) to acess the Webservice. So it need a alternative
name, But how can I add a alternative name into  the certifacation with he
Simple CA of GlobusToolkit?  Besides adding a alternative name into my
certificate, are there other ways to solve this problem? How to make java cog
recognize the name and IP at the same time?

------- Comment #1 From Luo Keyue 2008-07-29 02:22:51 -------

By the way, I can get the JobSubmission example done. And I'm using
GlobusToolkit4.0.2

------- Comment #2 From Rachana Ananthakrishnan 2008-07-30 10:24:57 -------

This is an issue with configuration/certificate and has already been posted on
the mailing list:
http://www.globus.org/mail_archive/gt-user/2008/07/msg00269.html. Please follow
up there.