Re: [Dev] SSLPeerUnverifiedException when creating a workflow definition using external workflow engine
Hi Dharshana, Thanks a lot for the Response. I could resolve the issue after changing the keystore with the CN matching to BPS server hostname and importing the cert to the client-trust store of IS. Regards, Sashika On Thu, Dec 7, 2017 at 2:57 PM, Darshana Gunawardanawrote: > The issue is, > "SSL peer failed hostname validation for name: 192.168.48.116" > > The BPS server URL should be align with its certificate. In a standalone > pack the default keystore has the certificate CN as 'localhost'. Unless you > change the keystore, you should have the BPS server URL as > https://localhost:9445/services... > > If you cannot use localhost as the BPS hostname, and wanted to use IP or > any other hostname, you should change the keystore with the CN match to the > BPS server URL. > > Thanks, > > On Thu, Dec 7, 2017 at 2:30 PM, Sashika Wijesinghe > wrote: > >> Hi All, >> >> I want to configure an external BPS server as a workflow engine (BPS >> component in EI server) and create a workflow definition in two nodes IS >> cluster fronted by Nginx. >> >> I have configured the external BPM component as a workflow engine and it >> was successful. When I used the above-created workflow engine to create a >> workflow definition I am getting the following SSL exception. >> >> Please note; >> >> 1. I have used the BPS component of the latest wum updated EI 6.1.1 >> server (wso2ei-6.1.1.1511272842384.zip) and IS 5.4.0 beta pack. >> >> 2. Tried the same scenario with IS 5.4.0 beta standalone pack connecting >> to BPS component in EI server. But still getting the same "SSL peer failed >> hostname validation" exception in IS logs >> >> Any help to solve this issue is highly appreciated. >> >> >> TID: [-1234] [] [2017-12-07 08:28:21,337] INFO { >> org.apache.axis2.transport.http.HTTPSender} - Unable to sendViaPost to >> url[https://192.168.48.116:9445/services/BPELUploader] >> javax.net.ssl.SSLPeerUnverifiedException: SSL peer failed hostname >> validation for name: 192.168.48.116 >> at org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory.ve >> rifyHostname(TLSProtocolSocketFactory.java:233) >> at org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory.cr >> eateSocket(TLSProtocolSocketFactory.java:194) >> at org.apache.commons.httpclient.HttpConnection.open(HttpConnec >> tion.java:707) >> at org.apache.commons.httpclient.MultiThreadedHttpConnectionMan >> ager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionM >> anager.java:1361) >> at org.apache.commons.httpclient.HttpMethodDirector.executeWith >> Retry(HttpMethodDirector.java:387) >> at org.apache.commons.httpclient.HttpMethodDirector.executeMeth >> od(HttpMethodDirector.java:171) >> at org.apache.commons.httpclient.HttpClient.executeMethod(HttpC >> lient.java:397) >> at org.apache.axis2.transport.http.AbstractHTTPSender.executeMe >> thod(AbstractHTTPSender.java:673) >> at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPS >> ender.java:195) >> at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:77) >> at org.apache.axis2.transport.http.CommonsHTTPTransportSender.w >> riteMessageWithCommons(CommonsHTTPTransportSender.java:451) >> at org.apache.axis2.transport.http.CommonsHTTPTransportSender.i >> nvoke(CommonsHTTPTransportSender.java:278) >> at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442) >> at org.apache.axis2.description.OutInAxisOperationClient.send(O >> utInAxisOperation.java:430) >> at org.apache.axis2.description.OutInAxisOperationClient.execut >> eImpl(OutInAxisOperation.java:225) >> at org.apache.axis2.client.OperationClient.execute(OperationCli >> ent.java:149) >> at org.wso2.carbon.bpel.stub.upload.BPELUploaderStub.uploadServ >> ice(BPELUploaderStub.java:196) >> at org.wso2.carbon.identity.workflow.impl.util.WorkflowDeployer >> Client.uploadBPEL(WorkflowDeployerClient.java:74) >> at org.wso2.carbon.identity.workflow.impl.BPELDeployer.deployAr >> tifacts(BPELDeployer.java:153) >> at org.wso2.carbon.identity.workflow.impl.BPELDeployer.generate >> AndDeployArtifacts(BPELDeployer.java:133) >> at org.wso2.carbon.identity.workflow.impl.BPELDeployer.initiali >> ze(BPELDeployer.java:110) >> at org.wso2.carbon.identity.workflow.mgt.workflow.AbstractWorkf >> low.deploy(AbstractWorkflow.java:87) >> at org.wso2.carbon.identity.workflow.impl.ApprovalWorkflow. >> deploy(ApprovalWorkflow.java:84) >> at org.wso2.carbon.identity.workflow.mgt.WorkflowManagementServ >> iceImpl.addWorkflow(WorkflowManagementServiceImpl.java:360) >> at org.wso2.carbon.identity.workflow.mgt.WorkflowManagementAdmi >> nService.addWorkflow(WorkflowManagementAdminService.java:234) >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcce >> ssorImpl.java:62) >> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMe >> thodAccessorImpl.java:43) >> at java.lang.reflect.Method.invoke(Method.java:497) >> at
Re: [Dev] SSLPeerUnverifiedException when creating a workflow definition using external workflow engine
The issue is, "SSL peer failed hostname validation for name: 192.168.48.116" The BPS server URL should be align with its certificate. In a standalone pack the default keystore has the certificate CN as 'localhost'. Unless you change the keystore, you should have the BPS server URL as https://localhost:9445/services... If you cannot use localhost as the BPS hostname, and wanted to use IP or any other hostname, you should change the keystore with the CN match to the BPS server URL. Thanks, On Thu, Dec 7, 2017 at 2:30 PM, Sashika Wijesinghewrote: > Hi All, > > I want to configure an external BPS server as a workflow engine (BPS > component in EI server) and create a workflow definition in two nodes IS > cluster fronted by Nginx. > > I have configured the external BPM component as a workflow engine and it > was successful. When I used the above-created workflow engine to create a > workflow definition I am getting the following SSL exception. > > Please note; > > 1. I have used the BPS component of the latest wum updated EI 6.1.1 server > (wso2ei-6.1.1.1511272842384.zip) and IS 5.4.0 beta pack. > > 2. Tried the same scenario with IS 5.4.0 beta standalone pack connecting > to BPS component in EI server. But still getting the same "SSL peer failed > hostname validation" exception in IS logs > > Any help to solve this issue is highly appreciated. > > > TID: [-1234] [] [2017-12-07 08:28:21,337] INFO > {org.apache.axis2.transport.http.HTTPSender} - Unable to sendViaPost to > url[https://192.168.48.116:9445/services/BPELUploader] > javax.net.ssl.SSLPeerUnverifiedException: SSL peer failed hostname > validation for name: 192.168.48.116 > at org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory. > verifyHostname(TLSProtocolSocketFactory.java:233) > at org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory.createSocket( > TLSProtocolSocketFactory.java:194) > at org.apache.commons.httpclient.HttpConnection.open( > HttpConnection.java:707) > at org.apache.commons.httpclient.MultiThreadedHttpConnectionMan > ager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionMan > ager.java:1361) > at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry( > HttpMethodDirector.java:387) > at org.apache.commons.httpclient.HttpMethodDirector.executeMethod( > HttpMethodDirector.java:171) > at org.apache.commons.httpclient.HttpClient.executeMethod( > HttpClient.java:397) > at org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod( > AbstractHTTPSender.java:673) > at org.apache.axis2.transport.http.HTTPSender.sendViaPost( > HTTPSender.java:195) > at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:77) > at org.apache.axis2.transport.http.CommonsHTTPTransportSender. > writeMessageWithCommons(CommonsHTTPTransportSender.java:451) > at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke( > CommonsHTTPTransportSender.java:278) > at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442) > at org.apache.axis2.description.OutInAxisOperationClient.send( > OutInAxisOperation.java:430) > at org.apache.axis2.description.OutInAxisOperationClient.executeImpl( > OutInAxisOperation.java:225) > at org.apache.axis2.client.OperationClient.execute( > OperationClient.java:149) > at org.wso2.carbon.bpel.stub.upload.BPELUploaderStub.uploadService( > BPELUploaderStub.java:196) > at org.wso2.carbon.identity.workflow.impl.util.WorkflowDeployerClient. > uploadBPEL(WorkflowDeployerClient.java:74) > at org.wso2.carbon.identity.workflow.impl.BPELDeployer. > deployArtifacts(BPELDeployer.java:153) > at org.wso2.carbon.identity.workflow.impl.BPELDeployer. > generateAndDeployArtifacts(BPELDeployer.java:133) > at org.wso2.carbon.identity.workflow.impl.BPELDeployer. > initialize(BPELDeployer.java:110) > at org.wso2.carbon.identity.workflow.mgt.workflow.AbstractWorkflow.deploy( > AbstractWorkflow.java:87) > at org.wso2.carbon.identity.workflow.impl.ApprovalWorkflow.deploy( > ApprovalWorkflow.java:84) > at org.wso2.carbon.identity.workflow.mgt.WorkflowManagementServiceImpl. > addWorkflow(WorkflowManagementServiceImpl.java:360) > at org.wso2.carbon.identity.workflow.mgt.WorkflowManagementAdminService > .addWorkflow(WorkflowManagementAdminService.java:234) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke( > NativeMethodAccessorImpl.java:62) > at sun.reflect.DelegatingMethodAccessorImpl.invoke( > DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:497) > at org.apache.axis2.rpc.receivers.RPCUtil.invokeServiceClass(RPCUtil. > java:212) > at org.apache.axis2.rpc.receivers.RPCMessageReceiver.invokeBusinessLogic( > RPCMessageReceiver.java:117) > at org.apache.axis2.receivers.AbstractInOutMessageReceiver. > invokeBusinessLogic(AbstractInOutMessageReceiver.java:40) > at org.apache.axis2.receivers.AbstractMessageReceiver.receive( > AbstractMessageReceiver.java:110) > at
[Dev] SSLPeerUnverifiedException when creating a workflow definition using external workflow engine
Hi All, I want to configure an external BPS server as a workflow engine (BPS component in EI server) and create a workflow definition in two nodes IS cluster fronted by Nginx. I have configured the external BPM component as a workflow engine and it was successful. When I used the above-created workflow engine to create a workflow definition I am getting the following SSL exception. Please note; 1. I have used the BPS component of the latest wum updated EI 6.1.1 server (wso2ei-6.1.1.1511272842384.zip) and IS 5.4.0 beta pack. 2. Tried the same scenario with IS 5.4.0 beta standalone pack connecting to BPS component in EI server. But still getting the same "SSL peer failed hostname validation" exception in IS logs Any help to solve this issue is highly appreciated. TID: [-1234] [] [2017-12-07 08:28:21,337] INFO {org.apache.axis2.transport.http.HTTPSender} - Unable to sendViaPost to url[https://192.168.48.116:9445/services/BPELUploader] javax.net.ssl.SSLPeerUnverifiedException: SSL peer failed hostname validation for name: 192.168.48.116 at org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory.verifyHostname(TLSProtocolSocketFactory.java:233) at org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory.createSocket(TLSProtocolSocketFactory.java:194) at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707) at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361) at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387) at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171) at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397) at org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:673) at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:195) at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:77) at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:451) at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:278) at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442) at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:430) at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:225) at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149) at org.wso2.carbon.bpel.stub.upload.BPELUploaderStub.uploadService(BPELUploaderStub.java:196) at org.wso2.carbon.identity.workflow.impl.util.WorkflowDeployerClient.uploadBPEL(WorkflowDeployerClient.java:74) at org.wso2.carbon.identity.workflow.impl.BPELDeployer.deployArtifacts(BPELDeployer.java:153) at org.wso2.carbon.identity.workflow.impl.BPELDeployer.generateAndDeployArtifacts(BPELDeployer.java:133) at org.wso2.carbon.identity.workflow.impl.BPELDeployer.initialize(BPELDeployer.java:110) at org.wso2.carbon.identity.workflow.mgt.workflow.AbstractWorkflow.deploy(AbstractWorkflow.java:87) at org.wso2.carbon.identity.workflow.impl.ApprovalWorkflow.deploy(ApprovalWorkflow.java:84) at org.wso2.carbon.identity.workflow.mgt.WorkflowManagementServiceImpl.addWorkflow(WorkflowManagementServiceImpl.java:360) at org.wso2.carbon.identity.workflow.mgt.WorkflowManagementAdminService.addWorkflow(WorkflowManagementAdminService.java:234) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:497) at org.apache.axis2.rpc.receivers.RPCUtil.invokeServiceClass(RPCUtil.java:212) at org.apache.axis2.rpc.receivers.RPCMessageReceiver.invokeBusinessLogic(RPCMessageReceiver.java:117) at org.apache.axis2.receivers.AbstractInOutMessageReceiver.invokeBusinessLogic(AbstractInOutMessageReceiver.java:40) at org.apache.axis2.receivers.AbstractMessageReceiver.receive(AbstractMessageReceiver.java:110) at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180) at org.apache.axis2.transport.local.LocalTransportReceiver.processMessage(LocalTransportReceiver.java:169) at org.apache.axis2.transport.local.LocalTransportReceiver.processMessage(LocalTransportReceiver.java:82) at org.wso2.carbon.core.transports.local.CarbonLocalTransportSender.finalizeSendWithToAddress(CarbonLocalTransportSender.java:45) at org.apache.axis2.transport.local.LocalTransportSender.invoke(LocalTransportSender.java:77) at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442) at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:430) at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:225) at