Joel Schneider wrote:
At this time, I plan to work with our sysadmins to add a Certificate Template to our Microsoft Certificate Services system which essentially mimics the EUROGRID profile. Re-issuing the user certificate using the new template will hopefully solve our connectivity problem with 4.0.7.
We created a certificate template in Microsoft Certificate Services which corresponds to the EUROGRID profile. However, that didn't solve the apparent ws-core 4.0.7 (and 4.0.8) connectivity problem. Further testing revealed there was a bad (e.g. expired) CRL file for the issuing CA installed in the ~/.globus/certificates directory on the server side. After the bad CRL file for the (Microsoft Certificate Services) issuing CA was removed, the client was then able to successfully connect. On the server side, I added the following two entries to the Tomcat logging.properties file:
org.globus.level = INFO org.globus.wsrf.impl.security.authorization.ServiceAuthorizationChain.level = FINE
However, the server (WS Core 4.0.8 running under tomcat 5.5.26) still does not write anything to the log when a connection attempt fails because of a bad CRL, and the client sees only an EOFException. Is there a simple logging configuration change I could make to have the server write a more informative message to the log when a TLS connection attempt is rejected (due to bad CRL file, or other reason)? Best regards, Joel
