Question
I am currently setting up a dockerized WSO Api Manager. We have got a wildcard certificate for our domain. I successfully transformed it into a java keystore and replaced the two jks files.
When I open the API manager, I get no ssl warnings and the browser marks my connection as secure.
When I try to log in I get an error:
In the log files I get:
TID: [-1234] [] [2017-03-24 11:37:55,305] INFO {org.apache.axis2.transport.http.HTTPSender} - Unable to sendViaPost to url[https://localhost:9443/services/AuthenticationAdmin] {org.apache.axis2.transport.http.HTTPSender}
javax.net.ssl.SSLException: hostname in certificate didn't match: <localhost> != </*.mydomain.io/mydomain.io/*.mydomain.io>
    at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:341)
    at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:277)
It looks like the Server is trying to do SSL connections to localhost. So how can I add a matching certificate to the keystore allowing localhost access?
Many thanks!
Answer 1:
In the api-manager.xml file, change all references of localhost to match your domain name, restart, and it should be good.
Setting <parameter name="HostnameVerifier">AllowAll</parameter> is a security risk, Hostname Verification is there for a reason.
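An added example (not part of the original answers and not WSO2's own code): a Python check that lists every https URL in a config file whose host the certificate names from the log (`*.mydomain.io`, `mydomain.io`) do not cover, plus any `HostnameVerifier` set to `AllowAll`. The sample config lines, the `ServerURL` element name and the `apim` host are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Certificate names as reported in the SSLException from the question's log.
CERT_NAMES = ["*.mydomain.io", "mydomain.io"]

# Constructed sample config lines (hypothetical element name and hosts).
SAMPLE = """\
<ServerURL>https://localhost:9443/services/</ServerURL>
<ServerURL>https://apim.mydomain.io:9443/services/</ServerURL>
<ServerURL>https://a.b.mydomain.io:9443/services/</ServerURL>
<parameter name="HostnameVerifier">AllowAll</parameter>
"""

URL_RE = re.compile(r"https://[^\s<>\"']+")
ALLOWALL_RE = re.compile(r'name="HostnameVerifier"\s*>\s*AllowAll\s*<')


def name_matches(host, pattern):
    """RFC 6125 style match: '*' stands for exactly one left-most label."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if not pattern.startswith("*."):
        return host == pattern
    h, p = host.split("."), pattern.split(".")
    return len(h) == len(p) and h[0] != "" and h[1:] == p[1:]


def host_covered(host, names=CERT_NAMES):
    return any(name_matches(host, n) for n in names)


def audit(config_text, names=CERT_NAMES):
    """Return (line_no, finding) pairs for hosts the certificate does not
    cover and for lines that switch hostname verification off."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        for url in URL_RE.findall(line):
            host = urlsplit(url).hostname
            if host and not host_covered(host, names):
                findings.append((no, f"host '{host}' not covered by certificate"))
        if ALLOWALL_RE.search(line):
            findings.append((no, "HostnameVerifier=AllowAll disables hostname verification"))
    return findings


if __name__ == "__main__":
    for no, msg in audit(SAMPLE):
        print(f"line {no}: {msg}")
```

Note that a host two labels deep, such as `a.b.mydomain.io`, is also outside what the wildcard covers.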
Answer 2:
Inside the axis2\axis2.xml file on the conf folder you have to change the https transportSender to have the following line:
<parameter name="HostnameVerifier">AllowAll</parameter>
Here you can read a little more about that
Source: https://stackoverflow.com/questions/42998759/ssl-connection-causes-javax-net-ssl-sslexception-hostname-in-certificate-didnt