Hello Charles, thanks for your reply!
The grid-proxy-init on client side is okay:

grid-proxy-init -debug -verify
User Cert File: /home/fabian/.globus/usercert.pem
User Key File: /home/fabian/.globus/userkey.pem
Trusted CA Cert Dir: /home/fabian/globus-4.0.5/etc/grid-security/certificates
Output File: /tmp/x509up_u4106
Your identity: /O=Grid/OU=GlobusTest/OU=simpleCA-mertens.scai.fraunhofer.de/OU=scai.fraunhofer.de/CN=Fabian Lueghausen
Enter GRID pass phrase for this identity:
Creating proxy ..++++++++++++
...........++++++++++++
Done
Proxy Verify OK
Your proxy is valid until: Thu Sep 13 04:35:29 2007

The CA I'm using on client side is the same CA installed on server side.
When I try to invoke the CounterService I get this (client on my local machine):

[EMAIL PROTECTED] ~]$ counter-client -s https://ingrid:9000/wsrf/services/CounterService
Error: ; nested exception is:
org.globus.common.ChainedIOException: Authentication failed [Caused by: Failure unspecified at GSS-API level [Caused by: Bad certificate (The signature of 'O=Grid,OU=GlobusTest,OU=simpleCA-ingrid.scai.fraunhofer.de,CN=host/ingrid.scai.fraunhofer.de' certificate does not match its issuer)]] (*)
But the CA I'm using is a different one:

[EMAIL PROTECTED] ~]$ grid-proxy-info
subject : /O=Grid/OU=GlobusTest/OU=simpleCA-mertens.scai.fraunhofer.de/OU=scai.fraunhofer.de/CN=Fabian Lueghausen/CN=1719743474
issuer : /O=Grid/OU=GlobusTest/OU=simpleCA-mertens.scai.fraunhofer.de/OU=scai.fraunhofer.de/CN=Fabian Lueghausen
(**)
identity : /O=Grid/OU=GlobusTest/OU=simpleCA-mertens.scai.fraunhofer.de/OU=scai.fraunhofer.de/CN=Fabian Lueghausen
type : Proxy draft (pre-RFC) compliant impersonation proxy
strength : 512 bits
path : /tmp/x509up_u4106
timeleft : 11:54:12
But executing the CounterClient on the server side results in this:

[EMAIL PROTECTED] SafetyHelloWorld]# counter-client -s https://ingrid:9000/wsrf/services/CounterService
Got notification with value: 3
Counter has value: 3
Got notification with value: 13

Now I'm wondering about the certificate marked with (*). I don't know why my client is using this certificate, or where this certificate comes from, because my current certificate (**) is a newer one and it's also the only certificate installed on my machine.

Thanks for your suggestion !!
Fabian

On Wednesday, 12.09.2007, at 09:32 -0500, Charles Bacon wrote:
> What happens from the client machine if you "grid-proxy-init -verify -debug"?
> The client doesn't usually bother to verify its own proxy;
> this will check the results against the installed certificates.
>
> You are using the same CA on both the client and server, right?
>
>
> Charles
>
> On Sep 12, 2007, at 6:51 AM, Fabian Lueghausen wrote:
>
> > Hello !
> >
> > I have a big problem with my CA.
> > I wrote a simple hello world service and deployed it into a service
> > container.
> > Then I tried to invoke this service with my client using transport layer
> > security.
> >
> > But the result was not very satisfying. The client is not able to find
> > my CA although I made a valid grid-proxy-init.
> >
> >
> > ++++ Client side: ++++
> >
> > [EMAIL PROTECTED] SafetyHelloWorld]$ ant runClient
> > Buildfile: build.xml
> >
> > setGlobus:
> >
> > checkGlobus:
> > [echo] Globus: /home/fabian/globus-4.0.5
> >
> > defineClasspaths:
> >
> > runClient:
> > [echo] Connecting to service:
> > https://ingrid:9000/wsrf/services/mpcci/SafetyHelloWorld
> > [java] JVM args ignored when same JVM is used.
> > [java] Running the Grid Service Client
> > [java] AxisFault
> > [java] faultCode:
> > {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
> > [java] faultSubcode:
> > [java] faultString: org.globus.common.ChainedIOException:
> > Authentication failed [Caused by: Failure unspecified at GSS-API level
> > [Caused by: Unknown CA]]
> > [java] faultActor:
> > [java] faultNode:
> > [java] faultDetail:
> > [java] {http://xml.apache.org/axis/}stackTrace:Authentication
> > failed. Caused by Failure unspecified at GSS-API level. Caused by
> > COM.claymoresystems.ptls.SSLThrewAlertException: Unknown CA
> > [java] at COM.claymoresystems.ptls.SSLConn.alert
> > (SSLConn.java:235)
> > [java] at
> > COM.claymoresystems.ptls.SSLHandshake.recvCertificate
> > (SSLHandshake.java:304)
> > [java] at
> > COM.claymoresystems.ptls.SSLHandshakeClient.processTokens
> > (SSLHandshakeClient.java:128)
> > [java] at
> > COM.claymoresystems.ptls.SSLHandshake.processHandshake
> > (SSLHandshake.java:135)
> > [java] at
> > org.globus.gsi.gssapi.GlobusGSSContextImpl.initSecContext
> > (GlobusGSSContextImpl.java:483)
> > [java] at
> > org.globus.gsi.gssapi.net.GssSocket.authenticateClient
> > (GssSocket.java:102)
> > [java] at org.globus.gsi.gssapi.net.GssSocket.startHandshake
> > (GssSocket.java:140)
> > [java] at org.globus.gsi.gssapi.net.GssSocket.getOutputStream
> > (GssSocket.java:161)
> > [java] at
> > org.apache.axis.transport.http.HTTPSender.writeToSocket
> > (HTTPSender.java:433)
> > [java] at org.apache.axis.transport.http.HTTPSender.invoke
> > (HTTPSender.java:135)
> > [java] at org.apache.axis.strategies.InvocationStrategy.visit
> > (InvocationStrategy.java:32)
> > [java] at org.apache.axis.SimpleChain.doVisiting
> > (SimpleChain.java:118)
> > [java] at org.apache.axis.SimpleChain.invoke
> > (SimpleChain.java:83)
> > [java] at org.apache.axis.client.AxisClient.invoke
> > (AxisClient.java:165)
> > [java] at org.apache.axis.client.Call.invokeEngine
> > (Call.java:2727)
> > [java] at org.apache.axis.client.Call.invoke(Call.java:2710)
> > [java] at org.apache.axis.client.Call.invoke(Call.java:2386)
> > [java] at org.apache.axis.client.Call.invoke(Call.java:2309)
> > [java] at org.apache.axis.client.Call.invoke(Call.java:1766)
> > [java] at
> > de.fhg.scai.mpcci.stubs.bindings.SafetyHelloWorldPortTypeSOAPBindingSt
> > ub.getServiceSecurityMetadata
> > (SafetyHelloWorldPortTypeSOAPBindingStub.java:722)
> > [java] at
> >
> > (.......)
> >
> >
> > ++++ Server side: ++++
> >
> > 2007-09-12 12:55:10,139 ERROR container.GSIServiceThread
> > [ServiceThread-14,process:145] Error processing request
> > java.net.SocketException: Connection reset
> > at java.net.SocketInputStream.read(SocketInputStream.java:168)
> > at org.globus.gsi.gssapi.SSLUtil.read(SSLUtil.java:37)
> > at org.globus.gsi.gssapi.net.impl.GSIGssInputStream.readToken
> > (GSIGssInputStream.java:64)
> > at
> > org.globus.gsi.gssapi.net.impl.GSIGssInputStream.readHandshakeToken
> > (GSIGssInputStream.java:54)
> > at org.globus.gsi.gssapi.net.impl.GSIGssSocket.readToken
> > (GSIGssSocket.java:60)
> > at org.globus.gsi.gssapi.net.GssSocket.authenticateServer
> > (GssSocket.java:122)
> > at org.globus.gsi.gssapi.net.GssSocket.startHandshake
> > (GssSocket.java:142)
> > at org.globus.gsi.gssapi.net.GssSocket.getOutputStream
> > (GssSocket.java:161)
> > at org.globus.wsrf.container.GSIServiceThread.process
> > (GSIServiceThread.java:102)
> > at org.globus.wsrf.container.ServiceThread.run
> > (ServiceThread.java:302)
> >
> >
> > ++++ ++++ ++++
> >
> >
> >
> >
> > The curious thing is that it works when I'm just executing the client on the
> > same machine the server runs on. (*) But not when I'm running the client
> > on my local machine.
> > Perhaps the cause is related to the fact that I installed my CA as root
> > at the server and as non-root at my local machine? This is what I guess.
> >
> > Hope that you can help me??
> >
> > Best greets from St. Augustin,
> >
> > Fabian
> >
> >
> >
> > _______________________________
> > *)
> > [EMAIL PROTECTED] SafetyHelloWorld]# ant runClient
> > Buildfile: build.xml
> >
> > setGlobus:
> >
> > checkGlobus:
> > [echo] Globus: /usr/local/globus-4.0.3
> >
> > defineClasspaths:
> >
> > runClient:
> > [echo] Connecting to service:
> > https://ingrid:9000/wsrf/services/mpcci/S
> > [java] JVM args ignored when same JVM is used.
> > [java] Running the Grid Service Client
> >
> > [java] Hello Alice.
> > [java] I recently read your message: "How are you?"
> > [java] Yours Bob.
> > [java] Zeit: 13:3
> >
> > BUILD SUCCESSFUL
> > Total time: 12 seconds
> >
> >
> >
> >
>
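
Added example (not part of the original thread, and not Globus code): the DNs quoted above appear in two notations, slash-separated in the grid-proxy-info output and comma-separated in the Java error, and each carries an OU=simpleCA-<host> component. The Python below parses both notations and compares that component; reading that OU as the name of the SimpleCA instance, and all function names, are assumptions of this example.

```python
import re

# DNs copied from the messages above, with mail line-wrapping removed.
USER_PROXY = ("/O=Grid/OU=GlobusTest/OU=simpleCA-mertens.scai.fraunhofer.de"
              "/OU=scai.fraunhofer.de/CN=Fabian Lueghausen/CN=1719743474")
HOST_CERT = ("O=Grid,OU=GlobusTest,OU=simpleCA-ingrid.scai.fraunhofer.de,"
             "CN=host/ingrid.scai.fraunhofer.de")

_ATTR = r"[A-Za-z][A-Za-z0-9.]*="

def parse_dn(dn):
    """Return [(ATTR, value), ...] for a slash-style or comma-style DN."""
    dn = dn.strip()
    # Split only where a new ATTR= begins, so "CN=host/ingrid..." stays whole.
    if dn.startswith("/"):
        parts = re.split(r"/(?=%s)" % _ATTR, dn[1:])
    else:
        parts = re.split(r",\s*(?=%s)" % _ATTR, dn)
    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip():
            raise ValueError("not an ATTR=value component: %r" % part)
        rdns.append((attr.strip().upper(), value.strip()))
    return rdns

def strip_proxy(rdns):
    """Drop trailing proxy CNs (numeric serial, 'proxy', 'limited proxy')."""
    rdns = list(rdns)
    while len(rdns) > 1 and rdns[-1][0] == "CN" and (
            rdns[-1][1].isdigit() or rdns[-1][1] in ("proxy", "limited proxy")):
        rdns.pop()
    return rdns

def simpleca_instance(dn):
    """Return the OU=simpleCA-<host> value in the DN, or None if absent."""
    for attr, value in strip_proxy(parse_dn(dn)):
        if attr == "OU" and value.lower().startswith("simpleca-"):
            return value
    return None

def same_simpleca(dn_a, dn_b):
    """True only if both DNs name the same simpleCA-<host> component."""
    a, b = simpleca_instance(dn_a), simpleca_instance(dn_b)
    return a is not None and b is not None and a.lower() == b.lower()

if __name__ == "__main__":
    print("user credential:", simpleca_instance(USER_PROXY))
    print("host certificate:", simpleca_instance(HOST_CERT))
    print("same SimpleCA name:", same_simpleca(USER_PROXY, HOST_CERT))
```

A matching name is only a first check: the signature test reported in the error depends on the CA key held in the trusted certificates directory, not on the name.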