Actually I have used another Nginx to resolve my issue, not a permanent solution. AFAIU this is getting due to httpclient 4.3.1 doesn't support SNI.
@IsuruU, Shouldn't it upgrade to httpclient 4.3.2 ? Regards, Aparna. On Fri, Nov 20, 2015 at 11:24 AM, Malintha Adikari <[email protected]> wrote: > Hi Aprana, > > I am getting the same issue while accessing APIM distributed cluster nodes > fronted through loadbalancer(nginx) instance. Did you able to solve this > issue ? If so how did you solve it ? > > Regards, > Malintha > > On Wed, Oct 28, 2015 at 2:09 PM, Isuru Udana <[email protected]> wrote: > >> Hi Aparna, >> >> Bundles are coming from features, whatever version defined in the product >> pom have no relationship for that. >> >> Thanks. >> >> On Wed, Oct 28, 2015 at 11:20 AM, Aparna Karunarathna <[email protected]> >> wrote: >> >>> Hi Isuru, >>> >>> I checked version from the ESB master branch pom[1]. >>> >>> <httpclient.version>4.1.2</httpclient.version> >>> >>> [1] https://github.com/wso2/product-esb/blob/master/pom.xml >>> >>> Regards, >>> Aparna. >>> >>> On Tue, Oct 27, 2015 at 5:41 AM, Isuru Udana <[email protected]> wrote: >>> >>>> Hi Aparna, >>>> >>>> We are using 4.3.1. >>>> >>>> >>>> Thanks. >>>> >>>> On Mon, Oct 26, 2015 at 10:36 AM, Aparna Karunarathna <[email protected]> >>>> wrote: >>>> >>>>> Hi Kasun/Isuru, >>>>> >>>>> Currently ESB uses Apache httpclient 4.1.2, shouldn't it upgrade to >>>>> newer version? >>>>> >>>>> @Deep, Thanks for the clarification. >>>>> >>>>> Regards, >>>>> Aparna >>>>> >>>>> On Sat, Oct 24, 2015 at 11:38 AM, Deependra Ariyadewa <[email protected]> >>>>> wrote: >>>>> >>>>>> Hi Aparna, >>>>>> >>>>>> This can happen when the client does not send the SNI[1][2] to the >>>>>> server side to select the proper HTTPS virtual host. In this case NGINX >>>>>> reverse proxy created in the vhost. Most of the modern browsers send SNI >>>>>> to >>>>>> server, therefore you will not observe this when you make the request >>>>>> via a >>>>>> modern browser. >>>>>> >>>>>> Most of the new Java HTTP client libraries also support SNI. As an >>>>>> example, Apache httpclient library support SNI from version 4.3.2 [3]. If >>>>>> you use a library which does not support SNI, you will get this error for >>>>>> HTTPS call going towards services hosted in virtual host environments. >>>>>> >>>>>> [1] https://en.wikipedia.org/wiki/Server_Name_Indication >>>>>> [2] https://www.ietf.org/rfc/rfc3546.txt >>>>>> [3] https://hc.apache.org/news.html >>>>>> >>>>>> On Fri, Oct 23, 2015 at 11:07 AM, Aparna Karunarathna < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> Hi all, >>>>>>> >>>>>>> I have encountered a weird "hostname in certificate didn't match:" >>>>>>> issue when accessing IS dashboard. My setup details are as follows. >>>>>>> >>>>>>> *Setup Details* >>>>>>> *IS cluster* >>>>>>> - 3 nodes cluster >>>>>>> - Hostname - mgt.is.wso2.com >>>>>>> - Certificate CN - mgt.is.wso2.com >>>>>>> >>>>>>> *BPS cluster* >>>>>>> - 2 nodes cluster (manager/worker) >>>>>>> - Hostnames - Manager - mgt.bps.wso2.com / Worker - wrk.bps.wso2.com >>>>>>> - Certificate CN - *.bps.wso2.com >>>>>>> >>>>>>> * Both nodes are fronted by same Nginx plus load balancer. >>>>>>> >>>>>>> [1] >>>>>>> javax.net.ssl.SSLException: hostname in certificate didn't match: < >>>>>>> mgt.is.wso2.com> != <*.bps.wso2.com> >>>>>>> at >>>>>>> org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:238) >>>>>>> at >>>>>>> org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:54) >>>>>>> .... >>>>>>> .... >>>>>>> >>>>>>> When we check the browser cookie, it gave correct certificate. ( >>>>>>> mgt.is.wso2.com), but when we check it from java client[2] it gives >>>>>>> the bps certificate (*.bps.wso2.com) instead of IS. >>>>>>> >>>>>>> [2] >>>>>>> https://darray.wordpress.com/2015/07/12/freak-vulnerability-and-disabling-weak-export-cipher-suites-in-wso2-carbon-4-2-0-based-products/ >>>>>>> >>>>>>> What is the reason for this? Is it my config issue or Nginx issue or >>>>>>> our product issue? >>>>>>> >>>>>>> -- >>>>>>> *Regards,* >>>>>>> >>>>>>> *Aparna Karunarathna.* >>>>>>> >>>>>>> >>>>>>> *Associate Technical Lead - QAWSO2 Inc.Mobile: 0714002533 >>>>>>> <0714002533>* >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Deependra Ariyadewa >>>>>> WSO2, Inc. http://wso2.com/ http://wso2.org >>>>>> >>>>>> email [email protected]; cell +94 71 403 5996 ; >>>>>> Blog http://risenfall.wordpress.com/ >>>>>> PGP info: KeyID: 'DC627E6F' >>>>>> >>>>>> *WSO2 - Lean . Enterprise . Middleware* >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> *Regards,* >>>>> >>>>> *Aparna Karunarathna.* >>>>> >>>>> >>>>> *Associate Technical Lead - QAWSO2 Inc.Mobile: 0714002533 <0714002533>* >>>>> >>>> >>>> >>>> >>>> -- >>>> *Isuru Udana* >>>> Associate Technical Lead >>>> WSO2 Inc.; http://wso2.com >>>> email: [email protected] cell: +94 77 3791887 >>>> blog: http://mytecheye.blogspot.com/ >>>> >>> >>> >>> >>> -- >>> *Regards,* >>> >>> *Aparna Karunarathna.* >>> >>> >>> *Associate Technical Lead - QAWSO2 Inc.Mobile: 0714002533 <0714002533>* >>> >> >> >> >> -- >> *Isuru Udana* >> Associate Technical Lead >> WSO2 Inc.; http://wso2.com >> email: [email protected] cell: +94 77 3791887 >> blog: http://mytecheye.blogspot.com/ >> >> _______________________________________________ >> Dev mailing list >> [email protected] >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > *Malintha Adikari* > Software Engineer > WSO2 Inc.; http://wso2.com > lean.enterprise.middleware > > Mobile: +94 71 2312958 > Blog: http://malinthas.blogspot.com > Page: http://about.me/malintha > -- *Regards,* *Aparna Karunarathna.* *Associate Technical Lead - QAWSO2 Inc.Mobile: 0714002533*
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
