The reason for this error is because the cert on your back-end must be having a different host than 192.168.8.101:9443 as its CN. To rectify this error you either have to deploy a cert which bears 192.168.8.101:9443 as its CN on the back-end or set the HostnameVerifier property to AllowAll on the transportSender of the axis2.xml.
Thanks, NuwanD. On Thu, Oct 26, 2017 at 11:49 PM, Menaka Jayawardena <men...@wso2.com> wrote: > Hi, > > I'm working on configuring API Manager for dynamic SSL profile loading > [1]. I need to enable this for PassthroughHTTPSender. > I did the configuration in API Manager, axis2.xml and created the custom > profile xml, senderprofiles.xml. > > My backend API is running on 192.168.8.101:9443 and API Manager is on > 192.168.8.101:9444. > When invoking the published API, I got the error below. > > [2017-10-26 23:34:50,389] ERROR - TargetHandler I/O error: Host name > verification failed for host : 192.168.8.101 > javax.net.ssl.SSLException: Host name verification failed for host : > 192.168.8.101 > at org.apache.synapse.transport.http.conn.ClientSSLSetupHandler.verify( > ClientSSLSetupHandler.java:171) > at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake( > SSLIOSession.java:308) > at org.apache.http.nio.reactor.ssl.SSLIOSession. > isAppInputReady(SSLIOSession.java:410) > at org.apache.http.impl.nio.reactor.AbstractIODispatch. > inputReady(AbstractIODispatch.java:119) > at org.apache.http.impl.nio.reactor.BaseIOReactor. > readable(BaseIOReactor.java:159) > at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent( > AbstractIOReactor.java:338) > at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents( > AbstractIOReactor.java:316) > at org.apache.http.impl.nio.reactor.AbstractIOReactor. > execute(AbstractIOReactor.java:277) > at org.apache.http.impl.nio.reactor.BaseIOReactor.execute( > BaseIOReactor.java:105) > at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$ > Worker.run(AbstractMultiworkerIOReactor.java:586) > at java.lang.Thread.run(Thread.java:745) > [2017-10-26 23:34:50,593] WARN - EndpointContext Endpoint : > admin--Echo_APIproductionEndpoint_0 > with address https://192.168.8.101:9443/RESTfulExample/rest/hello/sdsd > will be marked SUSPENDED as it failed > > Here is the configuration in sender profile. > > <parameter name="customSSLProfiles"> > <profile> > <servers>192.168.8.101:9443</servers> > <KeyStore> > <Location>repository/resources/security/apim.jks</Location> > <Type>JKS</Type> > <Password>wso2carbon</Password> > <KeyPassword>wso2carbon</KeyPassword> > </KeyStore> > <TrustStore> > <Location>repository/resources/security/ > apimtruststore.jks</Location> > <Type>JKS</Type> > <Password>wso2carbon</Password> > </TrustStore> > </profile> > </parameter> > > I added the client cert to apimtruststore.jks. > > What could be the possible reason for this? > > [1] https://docs.wso2.com/display/ESB490/Multi-HTTPS+Transport#Multi- > HTTPSTransport-DynamicSSLprofiles > > > Thanks and Regards, > Menaka > -- > *Menaka Jayawardena* > *Software Engineer - WSO2 Inc* > *Tel : 071 350 5470* > *LinkedIn: https://lk.linkedin.com/in/menakajayawardena > <https://lk.linkedin.com/in/menakajayawardena>* > *Blog: https://menakamadushanka.wordpress.com/ > <https://menakamadushanka.wordpress.com/>* > > -- Nuwan Dias Software Architect - WSO2, Inc. http://wso2.com email : nuw...@wso2.com Phone : +94 777 775 729
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
