Hi Nuwan, Thank you very much for the response. Actually, that was the issue. I debugged through the code and identified that the CN is not equal to the hostname. After changing the CN in the backend, it worked properly.
Thanks and Regards, Menaka On Thu, Oct 26, 2017 at 11:56 PM, Nuwan Dias <[email protected]> wrote: > The reason for this error is because the cert on your back-end must be > having a different host than 192.168.8.101:9443 as its CN. To rectify > this error you either have to deploy a cert which bears 192.168.8.101:9443 > as its CN on the back-end or set the HostnameVerifier property to AllowAll > on the transportSender of the axis2.xml. > > Thanks, > NuwanD. > > On Thu, Oct 26, 2017 at 11:49 PM, Menaka Jayawardena <[email protected]> > wrote: > >> Hi, >> >> I'm working on configuring API Manager for dynamic SSL profile loading >> [1]. I need to enable this for PassthroughHTTPSender. >> I did the configuration in API Manager, axis2.xml and created the custom >> profile xml, senderprofiles.xml. >> >> My backend API is running on 192.168.8.101:9443 and API Manager is on >> 192.168.8.101:9444. >> When invoking the published API, I got the error below. >> >> [2017-10-26 23:34:50,389] ERROR - TargetHandler I/O error: Host name >> verification failed for host : 192.168.8.101 >> javax.net.ssl.SSLException: Host name verification failed for host : >> 192.168.8.101 >> at org.apache.synapse.transport.http.conn.ClientSSLSetupHandler >> .verify(ClientSSLSetupHandler.java:171) >> at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSL >> IOSession.java:308) >> at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady >> (SSLIOSession.java:410) >> at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputRea >> dy(AbstractIODispatch.java:119) >> at org.apache.http.impl.nio.reactor.BaseIOReactor.readable( >> BaseIOReactor.java:159) >> at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEv >> ent(AbstractIOReactor.java:338) >> at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEv >> ents(AbstractIOReactor.java:316) >> at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute( >> AbstractIOReactor.java:277) >> at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseI >> OReactor.java:105) >> at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReacto >> r$Worker.run(AbstractMultiworkerIOReactor.java:586) >> at java.lang.Thread.run(Thread.java:745) >> [2017-10-26 23:34:50,593] WARN - EndpointContext Endpoint : >> admin--Echo_APIproductionEndpoint_0 with address >> https://192.168.8.101:9443/RESTfulExample/rest/hello/sdsd will be marked >> SUSPENDED as it failed >> >> Here is the configuration in sender profile. >> >> <parameter name="customSSLProfiles"> >> <profile> >> <servers>192.168.8.101:9443</servers> >> <KeyStore> >> <Location>repository/resources/security/apim.jks</Location> >> <Type>JKS</Type> >> <Password>wso2carbon</Password> >> <KeyPassword>wso2carbon</KeyPassword> >> </KeyStore> >> <TrustStore> >> <Location>repository/resources/security/apimtruststore.jks</ >> Location> >> <Type>JKS</Type> >> <Password>wso2carbon</Password> >> </TrustStore> >> </profile> >> </parameter> >> >> I added the client cert to apimtruststore.jks. >> >> What could be the possible reason for this? >> >> [1] https://docs.wso2.com/display/ESB490/Multi-HTTPS+Transpo >> rt#Multi-HTTPSTransport-DynamicSSLprofiles >> >> >> Thanks and Regards, >> Menaka >> -- >> *Menaka Jayawardena* >> *Software Engineer - WSO2 Inc* >> *Tel : 071 350 5470* >> *LinkedIn: https://lk.linkedin.com/in/menakajayawardena >> <https://lk.linkedin.com/in/menakajayawardena>* >> *Blog: https://menakamadushanka.wordpress.com/ >> <https://menakamadushanka.wordpress.com/>* >> >> > > > -- > Nuwan Dias > > Software Architect - WSO2, Inc. http://wso2.com > email : [email protected] > Phone : +94 777 775 729 <+94%2077%20777%205729> > -- *Menaka Jayawardena* *Software Engineer - WSO2 Inc* *Tel : 071 350 5470* *LinkedIn: https://lk.linkedin.com/in/menakajayawardena <https://lk.linkedin.com/in/menakajayawardena>* *Blog: https://menakamadushanka.wordpress.com/ <https://menakamadushanka.wordpress.com/>*
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
