我目前正在设置一个 dockerized WSO Api Manager.我们的域有一个通配符证书.我成功将其转换为java keystore,并替换了两个jks文件.
I am currently setting up a dockerized WSO Api Manager. We have got a wildcard certificates for our domain. I successfully transformed it into a java keystore and replaced the two jks files.
当我打开 API 管理器时,我没有收到 ssl 警告,并且浏览器将我的连接标记为安全.
When I open the API manager, I get no ssl warnings and the browser marks my connection as secure.
当我尝试登录时出现错误:
When I try to login I get an error :
在我得到的日志文件中:
In the log files I get :
TID: [-1234] [] [2017-03-24 11:37:55,305] INFO
{org.apache.axis2.transport.http.HTTPSender} - Unable to sendViaPost
to url[https://localhost:9443/services/AuthenticationAdmin]
{org.apache.axis2.transport.http.HTTPSender}
javax.net.ssl.SSLException: hostname in certificate didn't match:
<localhost> != </*.mydomain.io/mydomain.io/*.mydomain.io>
at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:341)
at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:277)
看起来服务器正在尝试与本地主机进行 SSL 连接.那么如何将匹配的证书添加到允许 localhost 访问的密钥库?
It looks like the Server is trying to do SSL connections to localhost. So how can I add a matching certificate to the keystore allowing localhost access?
非常感谢!
在 api-manager.xml 文件中,更改所有 localhost 的引用以匹配您的域名,重启,应该就好了.
In the api-manager.xml file , change all references of localhost to match your domain name , restart , and it should be good.
设置
<parameter name="HostnameVerifier">AllowAll</parameter>
存在安全风险,主机名验证是有原因的.
is a security risk , Hostname Verification is there for a reason.
这篇关于SSL-Connection 导致 javax.net.ssl.SSLException:证书中的主机名不匹配(WSO2 Api Manager/Tomcat)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!