By the way, shouldn't we BCC (instead of CC) the internal mailing lists when mailing to public mailing lists like Dev?
Hi Dilshani,

Disabling hostname verification to bypass this issue would not be a good practice. This error message can come due to several certificate-related issues. Therefore, to isolate the exact issue, would you be able to start EI with SSL debug logs enabled for the handshake?

-Djavax.net.debug=ssl:handshake

You'll have to append the SSL debug logs to a file, as it would just print to the terminal without appending to the carbon log.

sh integrator.sh -Djavax.net.debug=ssl:handshake > ssl.log

Once EI is running, try out the same flow and check (or share) the SSL debug log. Then you should be able to identify the root cause.

Thanks,
TharinduE

On Thu, Oct 26, 2017 at 10:16 PM, Dilshani Subasinghe <[email protected]> wrote:

> Hi all,
>
> I implemented the "Fine-grained access control for SOAP services" pattern (refer to the 25th pattern in this blog [1]) using WSO2 EI 6.1.1 and WSO2 IS 5.3.0. I was able to implement the pattern locally and tested it successfully. While moving to a cloud setup, I got some errors when EI tried to make the connection with IS.
>
> I got an error as follows:
>
> [2017-10-26 18:52:05,406] [EI-Core] INFO - HTTPSender Unable to sendViaPost to url[https://192.168.57.251/services/EntitlementService]
> javax.net.ssl.SSLPeerUnverifiedException: SSL peer failed hostname validation for name: null
>     at org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory.verifyHostname(TLSProtocolSocketFactory.java:233)
>     at org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory.createSocket(TLSProtocolSocketFactory.java:186)
>     at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
>
> After referring to some docs and emails, I found out we need to add the following property in the integrator.sh script.
>
> -Dorg.opensaml.httpclient.https.disableHostnameVerification=true \
>
> After adding that, I again got an error as follows:
>
> [2017-10-26 20:19:16,448] [EI-Core] INFO - HTTPSender Unable to sendViaPost to url[https://is.dev.wso2.org/services/EntitlementService]
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>     at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431)
>     at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:259)
>     at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:158)
>
> Any idea on fixing this issue?
>
> [1] https://medium.facilelogin.com/thirty-solution-patterns-with-the-wso2-identity-server-16f9fd0c0389
>
> --
> Best Regards,
>
> Dilshani Subasinghe
> Software Engineer - QA | WSO2
> lean | enterprise | middleware
>
> Mobile : +94773375185
> Blog : dilshani.me

--
Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
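Hostname verification, which the reply above advises against disabling, compares the name used in the URL with the names listed in the server certificate. The Python sketch below is an added example, not part of the thread and not the logic of the Java classes in the stack traces: it applies simplified subjectAltName matching to the two endpoints from the logs. The certificate contents are constructed assumptions, not the real certificate of the IS server.

```python
import ipaddress

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
# The SAN values are assumptions for illustration, not the real certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "is.dev.wso2.org"),),),
    "subjectAltName": (("DNS", "is.dev.wso2.org"), ("DNS", "*.dev.wso2.org")),
}


def _dns_match(pattern, host):
    """Case-insensitive match; '*' may only stand for the whole leftmost label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Reject over-broad wildcards such as "*.org" and empty leftmost labels.
        return len(p_labels) > 2 and bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def covering_sans(cert, target):
    """Return the SAN entries in cert that cover target (host name or IP literal)."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal in the URL is only covered by an iPAddress SAN entry.
        return [(k, v) for k, v in sans
                if k == "IP Address" and ipaddress.ip_address(v) == ip]
    return [(k, v) for k, v in sans if k == "DNS" and _dns_match(v, target)]


def report(cert, targets):
    """Map each target to True/False: would a SAN-based hostname check pass?"""
    return {t: bool(covering_sans(cert, t)) for t in targets}


if __name__ == "__main__":
    for target, ok in report(SAMPLE_CERT, ["is.dev.wso2.org", "192.168.57.251"]).items():
        print(f"{target}: {'covered' if ok else 'NOT covered'}")
```

To run the same comparison against a live endpoint, pass the dict from `getpeercert()` on a verified TLS connection in place of `SAMPLE_CERT`.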
