Joy Veronneau jv11 at
Thu Apr 3 10:59:06 EDT 2014


I am researching a problem retrieving a vendor's metadata via a URL configured in our relying-party.xml file. We are getting a certificate validation error, and I think this is because the certificate refers to a CNAME for the machine.

In some cases, we are able to download the metadata and in others, not. For example, when I log into the IdP and use wget or curl, I get errors. This is on Red Hat 5. On a Red Hat 6 machine, we do not get these errors. So I'm guessing there is some library or something I need to update on the Red Hat 5 machine; can someone please clue me in? Going to Red Hat 6 is not currently an option...

For now, I have downloaded the metadata to a file and things seem to be working.



--2014-04-03 10:39:26--
Connecting to||:443... connected.
ERROR: certificate common name `*' doesn't match requested host name `'.
To connect to insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.

curl: (51) SSL: certificate subject name '*' does not match target host name ''

Error in IdP logs: SSL peer failed hostname validation for name: 
    at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$ 
    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry( 
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod( 
    at org.apache.commons.httpclient.HttpClient.executeMethod( 
    at org.apache.commons.httpclient.HttpClient.executeMethod( 
    at org.opensaml.saml2.metadata.provider.HTTPMetadataProvider.fetchMetadata( 
    at org.opensaml.saml2.metadata.provider.FileBackedHTTPMetadataProvider.fetchMetadata( 
    at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.refresh( 
    at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider$ 
    at java.util.TimerThread.mainLoop(Unknown Source) 
    at Source)
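The hostname validation that wget, curl and the IdP's HTTP client all reject above compares the name the client was asked to connect to against the names in the server's certificate, not against whatever a CNAME resolves to. The Python below is an added example, not code from this post or from Shibboleth/OpenSAML, showing that check with a simplified RFC 6125 wildcard rule; every certificate name and host in it is constructed, and the CNAME relationship is assumed rather than resolved.

```python
# Added example (not from the original post): how a TLS client decides
# whether a certificate covers the host name it was asked to connect to,
# and why reaching a server through a CNAME alias fails that check.
# All host names below are constructed for illustration.

def _wildcard_ok(labels):
    """Accept a wildcard only as the entire left-most label with at least
    two literal labels after it (RFC 6125 section 6.4.3 style rule)."""
    return labels[0] == "*" and len(labels) >= 3 and all("*" not in l for l in labels[1:])

def name_matches(cert_name, requested_host):
    """True if a single DNS name from the certificate covers requested_host."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = requested_host.lower().rstrip(".").split(".")
    if "*" in cert_name and not _wildcard_ok(cert_labels):
        return False  # e.g. a bare "*" or "*.com" covers nothing
    if len(cert_labels) != len(host_labels):
        return False  # "*.vendor.example" does not cover "a.b.vendor.example"
    return all(p == "*" or p == h for p, h in zip(cert_labels, host_labels))

def host_validates(cert_names, requested_host):
    """Emulate client hostname validation: the name the client *requested*
    (before any CNAME resolution) must appear in the certificate."""
    return any(name_matches(n, requested_host) for n in cert_names)

def explain_failure(cert_names, requested_host, canonical_host):
    """Return a short diagnosis for an alias-vs-certificate mismatch."""
    if host_validates(cert_names, requested_host):
        return "ok"
    if host_validates(cert_names, canonical_host):
        return (f"certificate covers {canonical_host} but the client requested "
                f"{requested_host}; use the canonical name in the metadata URL "
                f"or have the vendor add the alias as a subjectAltName")
    return f"certificate covers neither {requested_host} nor {canonical_host}"

# Constructed scenario: the vendor's certificate lists its canonical host
# and a wildcard; our IdP configuration points at a CNAME alias instead.
CERT_NAMES = ["metadata.vendor.example", "*.vendor.example"]
ALIAS = "saml.partner.example"        # assumed CNAME -> metadata.vendor.example
CANONICAL = "metadata.vendor.example"

if __name__ == "__main__":
    print(explain_failure(CERT_NAMES, ALIAS, CANONICAL))
    print(explain_failure(CERT_NAMES, CANONICAL, CANONICAL))
```

Real clients also check subjectAltName entries before the CN and apply stricter rules than this sketch, so treat it as an explanation of the failure mode, not a replacement for the library's validation.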

