Hi Nuwan,

Are you using a load balancer to access the KM node? A similar issue is discussed in mail thread [1], where nginx sends a wrong certificate if the client doesn't send SNI information to the server.

[1] Publisher/Store nodes are throwing an error "unable to find valid certification path to requested target"

On Tue, Nov 28, 2017 at 2:34 PM, Abimaran Kugathasan <[email protected]> wrote:

> Hi Nuwan,
>
> Have you generated KeyStore for all the nodes? CN property belongs to KeyStore. What's the value you have given to CN when you generate KeyStore? Importing public keys to each other's client-truststore doesn't have any impact on this problem.
>
> On Tue, Nov 28, 2017 at 11:29 AM, Isuru Haththotuwa <[email protected]> wrote:
>
>> This means that the actual URL it was trying to access (km.dev.wso2.org) presented a certificate with the CN gw.dev.wso2.org.
>> The server at the host km.dev.wso2.com should have a public certificate with the same hostname as CN. And since you seem to have a common domain dev.wso2.org, you can generate an SSL key pair with a wildcard - *.dev.wso2.org. No need to generate separately for each instance.
>>
>> On Tue, Nov 28, 2017 at 11:21 AM, Nuwan Silva <[email protected]> wrote:
>>
>>> Hi Team,
>>>
>>> I'm getting the above issue when trying to login to publisher. I have added the certificates of all the instances of the deployment to a single client-truststore and copied to all servers.
>>>
>>> checking via
>>> keytool -list -v -keystore client-truststore.jks
>>>
>>> does show the certificates. What can be the cause of this?
>>>
>>> TID: [-1234] [] [2017-11-28 05:43:47,637] INFO {org.wso2.carbon.core.internal.permission.update.PermissionUpdater} - Permission cache updated for tenant -1234 {org.wso2.carbon.core.internal.permission.update.PermissionUpdater}
>>> TID: [-1234] [] [2017-11-28 05:43:48,009] INFO {org.apache.axis2.transport.http.HTTPSender} - Unable to sendViaPost to url[https://km.dev.wso2.org:443/services/AuthenticationAdmin] {org.apache.axis2.transport.http.HTTPSender}
>>> javax.net.ssl.SSLException: hostname in certificate didn't match: <km.dev.wso2.org> != <gw.dev.wso2.org>
>>>     at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:436)
>>>     at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:302)
>>>     at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:273)
>>>     at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:183)
>>>     at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
>>>     at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
>>>     at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
>>>     at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
>>>     at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
>>>     at org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:682)
>>>     at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:195)
>>>     at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:77)
>>>     at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:451)
>>>     at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:278)
>>>     at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442)
>>>     at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:430)
>>>     at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:225)
>>>     at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
>>>     at org.wso2.carbon.authenticator.stub.AuthenticationAdminStub.login(AuthenticationAdminStub.java:659)
>>>     at org.wso2.carbon.apimgt.hostobjects.APIProviderHostObject.jsFunction_login(APIProviderHostObject.java:267)
>>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>     at java.lang.reflect.Method.invoke(Method.java:498)
>>>     at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)
>>>     at org.mozilla.javascript.FunctionObject.call(FunctionObject.java:386)
>>>     at org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42)
>>>     at org.jaggeryjs.rhino.publisher.modules.user.c1._c_anonymous_1(/publisher/modules/user/login.jag:19)
>>>     at org.jaggeryjs.rhino.publisher.modules.user.c1.call(/publisher/modules/user/login.jag)
>>>     at org.mozilla.javascript.ScriptRuntime.applyOrCall(ScriptRuntime.java:2430)
>>>     at org.mozilla.javascript.BaseFunction.execIdCall(BaseFunction.java:269)
>>>     at org.mozilla.javascript.IdFunctionObject.call(IdFunctionObject.java:97)
>>>     at org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42)
>>>     at org.jaggeryjs.rhino.publisher.modules.user.c0._c_anonymous_1(/publisher/modules/user/module.jag:5)
>>>     at org.jaggeryjs.rhino.publisher.modules.user.c0.call(/publisher/modules/user/module.jag)
>>>     at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52)
>>>     at org.jaggeryjs.rhino.publisher.site.blocks.user.login.ajax.c0._c_anonymous_1(/publisher/site/blocks/user/login/ajax/login.jag:26)
>>>     at org.jaggeryjs.rhino.publisher.site.blocks.user.login.ajax.c0.call(/publisher/site/blocks/user/login/ajax/login.jag)
>>>     at org.mozilla.javascript.optimizer.OptRuntime.call0(OptRuntime.java:23)
>>>     at org.jaggeryjs.rhino.publisher.site.blocks.user.login.ajax.c0._c_script_0(/publisher/site/blocks/user/login/ajax/login.jag:5)
>>>     at org.jaggeryjs.rhino.publisher.site.blocks.user.login.ajax.c0.call(/publisher/site/blocks/user/login/ajax/login.jag)
>>>     at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394)
>>>     at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091)
>>>     at org.jaggeryjs.rhino.publisher.site.blocks.user.login.ajax.c0.call(/publisher/site/blocks/user/login/ajax/login.jag)
>>>     at org.jaggeryjs.rhino.publisher.site.blocks.user.login.ajax.c0.exec(/publisher/site/blocks/user/login/ajax/login.jag)
>>>     at org.jaggeryjs.scriptengine.engine.RhinoEngine.execScript(RhinoEngine.java:567)
>>>     at org.jaggeryjs.scriptengine.engine.RhinoEngine.exec(RhinoEngine.java:273)
>>>     at org.jaggeryjs.jaggery.core.manager.WebAppManager.exec(WebAppManager.java:588)
>>>     at org.jaggeryjs.jaggery.core.manager.WebAppManager.execute(WebAppManager.java:508)
>>>     at org.jaggeryjs.jaggery.core.JaggeryServlet.doPost(JaggeryServlet.java:29)
>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>     at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:743)
>>>     at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:485)
>>>     at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:377)
>>>     at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:337)
>>>     at org.jaggeryjs.jaggery.core.JaggeryFilter.doFilter(JaggeryFilter.java:21)
>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>     at org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter.doFilter(ContentTypeBasedCachePreventionFilter.java:53)
>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>     at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:124)
>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
>>>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
>>>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
>>>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
>>>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>>>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
>>>     at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
>>>     at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
>>>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
>>>     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
>>>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
>>>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
>>>     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
>>>     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
>>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1775)
>>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1734)
>>>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>>>
>>> --
>>> *Nuwan Silva*
>>> *Associate Technical Lead*
>>> Mobile: +9477 980 4543
>>>
>>> WSO2 Inc.
>>> lean . enterprise . middleware.
>>> http://www.wso2.com
>>
>> --
>> Thanks and Regards,
>>
>> Isuru H.
>> +94 716 358 048
>> http://wso2.com/
>
> --
> Thanks
> Abimaran Kugathasan
> Senior Software Engineer - API Technologies
>
> Email : [email protected]
> Mobile : +94 773922820
>
> http://stackoverflow.com/users/515034
> http://lk.linkedin.com/in/abimaran
> http://www.lkabimaran.blogspot.com/
> https://github.com/abimarank
> https://twitter.com/abimaran

--
*Thanks and Regards,*
Anuruddha Lanka Liyanarachchi
Senior Software Engineer - WSO2
Mobile : +94 (0) 712762611
Tel : +94 112 145 345
[email protected]
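The name comparison behind the `SSLException` in this thread, together with the single-label rule a wildcard such as `*.dev.wso2.org` follows, as an added example that is not part of the thread or of WSO2's code. `presented_cert` is a live probe that assumes a PEM export of the truststore (`ca_file`, hypothetical); the two sample certificates are constructed.

```python
import socket
import ssl


def cert_names(cert):
    """DNS names from an ssl.getpeercert() dict: SAN entries win; the subject
    CN is only a legacy fallback (the CN is what the error in the thread compares)."""
    san = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san:
        return san
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def name_matches(host, pattern):
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    h = host.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(h) != len(p):
        return False                      # a wildcard never spans several labels
    if p[0] == "*" and len(p) > 2:
        return h[1:] == p[1:]
    return h == p


def presented_cert(addr, port, ca_file, sni=None):
    """Handshake and return the certificate dict the server presents.
    sni=None sends no SNI, which is how a client without SNI support
    appears to a load balancer. ca_file is an assumed PEM truststore export."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.check_hostname = False            # names are compared explicitly in diagnose()
    with socket.create_connection((addr, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            return tls.getpeercert()


def diagnose(host, cert):
    """Return (matches, names) for the host the client asked for."""
    names = cert_names(cert)
    return any(name_matches(host, n) for n in names), names


# Constructed sample certificates in getpeercert() layout (not from the real servers).
GW_CERT = {"subject": ((("commonName", "gw.dev.wso2.org"),),)}
WILDCARD_CERT = {"subject": ((("commonName", "dev.wso2.org"),),),
                 "subjectAltName": (("DNS", "*.dev.wso2.org"),)}

if __name__ == "__main__":
    for label, cert in (("gw cert", GW_CERT), ("wildcard cert", WILDCARD_CERT)):
        print(label, diagnose("km.dev.wso2.org", cert))
```

Calling `presented_cert` against the load balancer once with `sni=None` and once with `sni="km.dev.wso2.org"`, then passing each result to `diagnose`, shows whether a different certificate is served when SNI is absent.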
