[-architecture][+dev]

Hi Dimitry,

That's very strange given that you're sure about your certificates. With the given information I can't think of a reason for this. But I can give you a workaround. This is not the best solution of course, since disabling hostname verification is not recommended.

Add this line to wso2carbon.sh

    -Dorg.opensaml.httpclient.https.disableHostnameVerification=true \

Thanks,
Bhathiya

On Tue, Jul 4, 2017 at 8:41 PM, Dmitry Lukyanov <[email protected]> wrote:

> Hello all,
>
> QUESTION:
>
> Where can I configure/customize the hostname validator for
> org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory in wso2is 5.3.0?
>
>
> CONFIGURATION:
>
> I got a clean wso2is 5.3.0 and made the following changes to configure it
> to work with the IP and with localhost:
>
> repository/conf/carbon.xml
>
>     <HostName>172.25.22.67</HostName>
>     <MgtHostName>172.25.22.67</MgtHostName>
>
> repository/resources/security/wso2carbon.jks
>
>     recreated the keystore with the following command to support subject
>     alternative names (SAN):
>     keytool -genkey -dname "CN=localhost" -alias wso2carbon -validity 3650 -keyalg RSA -keystore wso2carbon.jks -keypass wso2carbon -storepass wso2carbon -ext san=ip:172.25.22.67,ip:127.0.0.1,dns:localhost
>
>     in this case I see in the certificate Extension/Certificate Subject Alt
>     Name:
>     IP Address: 172.25.22.67
>     IP Address: 127.0.0.1
>     DNS Name: localhost
>
> repository/resources/security/client-truststore.jks
>
>     imported the public key for the generated private key
>
> PROBLEM:
>
> I'm sure about my certificates, and a simple Java program successfully calls
> wso2is services using the new client-truststore.jks.
> Everything works fine until I try to log in to the wso2is dashboard:
> https://172.25.22.67:9443/dashboard/
>
> I got an error:
> [2017-07-04 17:15:28,159] ERROR {JAGGERY.acs:jag} -
> org.mozilla.javascript.WrappedException:
> Wrapped org.jaggeryjs.scriptengine.exceptions.ScriptException:
> SSL peer failed hostname validation for name: 172.25.22.67
> (/dashboard/controllers/wsUtil.jag#27)
> ...
> Caused by: javax.net.ssl.SSLPeerUnverifiedException: SSL peer failed hostname validation for name: 172.25.22.67
>     at org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory.verifyHostname(TLSProtocolSocketFactory.java:233)
>     at org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory.createSocket(TLSProtocolSocketFactory.java:194)
>     at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
>     at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
>     at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
>     at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
>     at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
>     at org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:659)
>     at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:195)
>     ... 82 more
>
>
> _______________________________________________
> Architecture mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>

--
Bhathiya Jayasekara
Associate Technical Lead,
WSO2 inc., http://wso2.com
Phone: +94715478185
LinkedIn: http://www.linkedin.com/in/bhathiyaj
Twitter: https://twitter.com/bhathiyax
Blog: http://movingaheadblog.blogspot.com

_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
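
What the hostname check switched off by the flag above compares, shown against the SAN entries listed in the quoted message. This is an added example, not code from the thread, WSO2 or OpenSAML, and it does not reproduce the verifier OpenSAML uses. The class name `SanCheck`, the IPv4-only literal test and the constructed SAN list are assumptions; the list uses the shape returned by `X509Certificate.getSubjectAlternativeNames()`.

```java
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Locale;
// Added illustration; SanCheck is a hypothetical name, not WSO2 or OpenSAML code.
public class SanCheck {
    static final int DNS_NAME = 2;    // GeneralName type for dNSName
    static final int IP_ADDRESS = 7;  // GeneralName type for iPAddress

    // True if the host looks like an IPv4 literal (kept simple: IPv4 only).
    static boolean isIpv4Literal(String host) {
        return host.matches("\\d{1,3}(\\.\\d{1,3}){3}");
    }
    // Match one dNSName entry; a wildcard is honoured only as the whole left-most label.
    static boolean dnsMatches(String host, String pattern) {
        String h = host.toLowerCase(Locale.ROOT);
        String p = pattern.toLowerCase(Locale.ROOT);
        if (p.startsWith("*.")) {
            int dot = h.indexOf('.');
            return dot > 0 && h.substring(dot).equals(p.substring(1));
        }
        return h.equals(p);
    }

    // sans has the shape of X509Certificate.getSubjectAlternativeNames():
    // each entry is [Integer type, String value] for dNSName and iPAddress.
    static boolean hostMatches(String host, Collection<List<?>> sans) {
        if (sans == null) return false; // no SAN extension: nothing to match here
        boolean ip = isIpv4Literal(host);
        for (List<?> san : sans) {
            int type = (Integer) san.get(0);
            String value = String.valueOf(san.get(1));
            // An IP literal is compared only with iPAddress entries, a name only with dNSName.
            if (ip && type == IP_ADDRESS && value.equals(host)) return true;
            if (!ip && type == DNS_NAME && dnsMatches(host, value)) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed to mirror the SAN entries listed in the quoted message.
        Collection<List<?>> sans = Arrays.asList(
            Arrays.asList(IP_ADDRESS, "172.25.22.67"),
            Arrays.asList(IP_ADDRESS, "127.0.0.1"),
            Arrays.asList(DNS_NAME, "localhost"));
        for (String host : new String[] {"172.25.22.67", "localhost", "10.0.0.5", "example.test"}) {
            System.out.println(host + " -> " + hostMatches(host, sans));
        }
    }
}
```

Disabling hostname verification skips this comparison, leaving only the trust-store chain check to decide whether a peer is accepted.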
