SSL-Connection 导致 javax.net.ssl.SSLException:证书中的主机名不匹配(WSO2 Api Manager/Tomcat)

2022-01-17 00:00:00 ssl wso2 java wso2-am wso2carbon

我目前正在设置一个 dockerized WSO Api Manager.我们的域有一个通配符证书.我成功将其转换为java keystore,并替换了两个jks文件.

I am currently setting up a dockerized WSO Api Manager. We have got a wildcard certificates for our domain. I successfully transformed it into a java keystore and replaced the two jks files.

当我打开 API 管理器时,我没有收到 ssl 警告,并且浏览器将我的连接标记为安全.

When I open the API manager, I get no ssl warnings and the browser marks my connection as secure.

当我尝试登录时出现错误:

When I try to login I get an error :

在我得到的日志文件中:

In the log files I get :

TID: [-1234] [] [2017-03-24 11:37:55,305]  INFO     
     {org.apache.axis2.transport.http.HTTPSender} - Unable to sendViaPost   
     to    url[https://localhost:9443/services/AuthenticationAdmin]  
     {org.apache.axis2.transport.http.HTTPSender}
javax.net.ssl.SSLException: hostname in certificate didn't match: 
     <localhost> != </*.mydomain.io/mydomain.io/*.mydomain.io>
     at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:341)
     at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:277)

看起来服务器正在尝试与本地主机进行 SSL 连接.那么如何将匹配的证书添加到允许 localhost 访问的密钥库?

It looks like the Server is trying to do SSL connections to localhost. So how can I add a matching certificate to the keystore allowing localhost access?

非常感谢!

推荐答案

api-manager.xml 文件中,更改所有 localhost 的引用以匹配您的域名,重启,应该就好了.

In the api-manager.xml file , change all references of localhost to match your domain name , restart , and it should be good.

设置

<parameter name="HostnameVerifier">AllowAll</parameter>

存在安全风险,主机名验证是有原因的.

is a security risk , Hostname Verification is there for a reason.

相关文章