Sorry the other thread is [1] [1] - [Clarification](EONPROD-24) Accessing webpage via WSO2 ESB not possbile - handshake error
On Mon, Nov 23, 2015 at 2:29 PM, Dilshan Edirisuriya <dils...@wso2.com> wrote: > Hi Aparna, > > It seems that the same issue occurring at [1]. > > [1] - [Dev][IS] "hostname in certificate didn't match:" issue when > accessing IS dashboard > > Regards, > > Dilshan > > On Fri, Nov 20, 2015 at 11:38 AM, Aparna Karunarathna <apa...@wso2.com> > wrote: > >> Actually I have used another Nginx to resolve my issue, not a permanent >> solution. AFAIU this is getting due to httpclient 4.3.1 doesn't support >> SNI. >> >> @IsuruU, Shouldn't it upgrade to httpclient 4.3.2 ? >> >> Regards, >> Aparna. >> >> >> On Fri, Nov 20, 2015 at 11:24 AM, Malintha Adikari <malin...@wso2.com> >> wrote: >> >>> Hi Aprana, >>> >>> I am getting the same issue while accessing APIM distributed cluster >>> nodes fronted through loadbalancer(nginx) instance. Did you able to solve >>> this issue ? If so how did you solve it ? >>> >>> Regards, >>> Malintha >>> >>> On Wed, Oct 28, 2015 at 2:09 PM, Isuru Udana <isu...@wso2.com> wrote: >>> >>>> Hi Aparna, >>>> >>>> Bundles are coming from features, whatever version defined in the >>>> product pom have no relationship for that. >>>> >>>> Thanks. >>>> >>>> On Wed, Oct 28, 2015 at 11:20 AM, Aparna Karunarathna <apa...@wso2.com> >>>> wrote: >>>> >>>>> Hi Isuru, >>>>> >>>>> I checked version from the ESB master branch pom[1]. >>>>> >>>>> <httpclient.version>4.1.2</httpclient.version> >>>>> >>>>> [1] https://github.com/wso2/product-esb/blob/master/pom.xml >>>>> >>>>> Regards, >>>>> Aparna. >>>>> >>>>> On Tue, Oct 27, 2015 at 5:41 AM, Isuru Udana <isu...@wso2.com> wrote: >>>>> >>>>>> Hi Aparna, >>>>>> >>>>>> We are using 4.3.1. >>>>>> >>>>>> >>>>>> Thanks. >>>>>> >>>>>> On Mon, Oct 26, 2015 at 10:36 AM, Aparna Karunarathna < >>>>>> apa...@wso2.com> wrote: >>>>>> >>>>>>> Hi Kasun/Isuru, >>>>>>> >>>>>>> Currently ESB uses Apache httpclient 4.1.2, shouldn't it upgrade to >>>>>>> newer version? >>>>>>> >>>>>>> @Deep, Thanks for the clarification. >>>>>>> >>>>>>> Regards, >>>>>>> Aparna >>>>>>> >>>>>>> On Sat, Oct 24, 2015 at 11:38 AM, Deependra Ariyadewa <d...@wso2.com >>>>>>> > wrote: >>>>>>> >>>>>>>> Hi Aparna, >>>>>>>> >>>>>>>> This can happen when the client does not send the SNI[1][2] to the >>>>>>>> server side to select the proper HTTPS virtual host. In this case NGINX >>>>>>>> reverse proxy created in the vhost. Most of the modern browsers send >>>>>>>> SNI to >>>>>>>> server, therefore you will not observe this when you make the request >>>>>>>> via a >>>>>>>> modern browser. >>>>>>>> >>>>>>>> Most of the new Java HTTP client libraries also support SNI. As an >>>>>>>> example, Apache httpclient library support SNI from version 4.3.2 [3]. >>>>>>>> If >>>>>>>> you use a library which does not support SNI, you will get this error >>>>>>>> for >>>>>>>> HTTPS call going towards services hosted in virtual host environments. >>>>>>>> >>>>>>>> [1] https://en.wikipedia.org/wiki/Server_Name_Indication >>>>>>>> [2] https://www.ietf.org/rfc/rfc3546.txt >>>>>>>> [3] https://hc.apache.org/news.html >>>>>>>> >>>>>>>> On Fri, Oct 23, 2015 at 11:07 AM, Aparna Karunarathna < >>>>>>>> apa...@wso2.com> wrote: >>>>>>>> >>>>>>>>> Hi all, >>>>>>>>> >>>>>>>>> I have encountered a weird "hostname in certificate didn't match:" >>>>>>>>> issue when accessing IS dashboard. My setup details are as follows. >>>>>>>>> >>>>>>>>> *Setup Details* >>>>>>>>> *IS cluster* >>>>>>>>> - 3 nodes cluster >>>>>>>>> - Hostname - mgt.is.wso2.com >>>>>>>>> - Certificate CN - mgt.is.wso2.com >>>>>>>>> >>>>>>>>> *BPS cluster* >>>>>>>>> - 2 nodes cluster (manager/worker) >>>>>>>>> - Hostnames - Manager - mgt.bps.wso2.com / Worker - >>>>>>>>> wrk.bps.wso2.com >>>>>>>>> - Certificate CN - *.bps.wso2.com >>>>>>>>> >>>>>>>>> * Both nodes are fronted by same Nginx plus load balancer. >>>>>>>>> >>>>>>>>> [1] >>>>>>>>> javax.net.ssl.SSLException: hostname in certificate didn't match: < >>>>>>>>> mgt.is.wso2.com> != <*.bps.wso2.com> >>>>>>>>> at >>>>>>>>> org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:238) >>>>>>>>> at >>>>>>>>> org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:54) >>>>>>>>> .... >>>>>>>>> .... >>>>>>>>> >>>>>>>>> When we check the browser cookie, it gave correct certificate. ( >>>>>>>>> mgt.is.wso2.com), but when we check it from java client[2] it >>>>>>>>> gives the bps certificate (*.bps.wso2.com) instead of IS. >>>>>>>>> >>>>>>>>> [2] >>>>>>>>> https://darray.wordpress.com/2015/07/12/freak-vulnerability-and-disabling-weak-export-cipher-suites-in-wso2-carbon-4-2-0-based-products/ >>>>>>>>> >>>>>>>>> What is the reason for this? Is it my config issue or Nginx issue >>>>>>>>> or our product issue? >>>>>>>>> >>>>>>>>> -- >>>>>>>>> *Regards,* >>>>>>>>> >>>>>>>>> *Aparna Karunarathna.* >>>>>>>>> >>>>>>>>> >>>>>>>>> *Associate Technical Lead - QAWSO2 Inc.Mobile: 0714002533 >>>>>>>>> <0714002533>* >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Deependra Ariyadewa >>>>>>>> WSO2, Inc. http://wso2.com/ http://wso2.org >>>>>>>> >>>>>>>> email d...@wso2.com; cell +94 71 403 5996 ; >>>>>>>> Blog http://risenfall.wordpress.com/ >>>>>>>> PGP info: KeyID: 'DC627E6F' >>>>>>>> >>>>>>>> *WSO2 - Lean . Enterprise . Middleware* >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> *Regards,* >>>>>>> >>>>>>> *Aparna Karunarathna.* >>>>>>> >>>>>>> >>>>>>> *Associate Technical Lead - QAWSO2 Inc.Mobile: 0714002533 >>>>>>> <0714002533>* >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> *Isuru Udana* >>>>>> Associate Technical Lead >>>>>> WSO2 Inc.; http://wso2.com >>>>>> email: isu...@wso2.com cell: +94 77 3791887 >>>>>> blog: http://mytecheye.blogspot.com/ >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> *Regards,* >>>>> >>>>> *Aparna Karunarathna.* >>>>> >>>>> >>>>> *Associate Technical Lead - QAWSO2 Inc.Mobile: 0714002533 <0714002533>* >>>>> >>>> >>>> >>>> >>>> -- >>>> *Isuru Udana* >>>> Associate Technical Lead >>>> WSO2 Inc.; http://wso2.com >>>> email: isu...@wso2.com cell: +94 77 3791887 >>>> blog: http://mytecheye.blogspot.com/ >>>> >>>> _______________________________________________ >>>> Dev mailing list >>>> Dev@wso2.org >>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>> >>>> >>> >>> >>> -- >>> *Malintha Adikari* >>> Software Engineer >>> WSO2 Inc.; http://wso2.com >>> lean.enterprise.middleware >>> >>> Mobile: +94 71 2312958 >>> Blog: http://malinthas.blogspot.com >>> Page: http://about.me/malintha >>> >> >> >> >> -- >> *Regards,* >> >> *Aparna Karunarathna.* >> >> >> *Associate Technical Lead - QAWSO2 Inc.Mobile: 0714002533* >> >> _______________________________________________ >> Dev mailing list >> Dev@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > Dilshan Edirisuriya > Senior Software Engineer - WSO2 > Mob: + 94 777878905 > http://wso2.com/ > https://www.linkedin.com/profile/view?id=50486426 > -- Dilshan Edirisuriya Senior Software Engineer - WSO2 Mob: + 94 777878905 http://wso2.com/ https://www.linkedin.com/profile/view?id=50486426
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev