Claude Falbriard

Reputation: 935

WSO2 Identity Server Example Travelocity OpenID Peer Not Authenticated

While testing the Travelocity sample application, at the login screen, option 2 (OpenID), I get the following error on the client side:

0x704: I/O transport error: peer not authenticated

Any recommendations about the required steps to activate SSL protocol support in the Travelocity sample application running under Tomcat 7?

More details from the Tomcat7 log:

SEVERE: Servlet.service() for servlet [ForwardingServlet] in context with path [/travelocity.com] threw exception [0x704: I/O transport error: peer not authenticated] with root cause
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    at com.ibm.jsse2.ab.getPeerCertificates(ab.java:61)
    at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
    at ... 

Thanks for assistance.

Upvotes: 1

Views: 1205

Answers (1)

Asela

Reputation: 5821

As WSO2IS contains a self-signed certificate by default, you need to configure its certificate as a trusted certificate for the sample application. We can configure a truststore file for the Tomcat server. You can add the following two Java parameters to the "catalina.sh" file in the /bin directory.

export JAVA_OPTS="-Djavax.net.ssl.trustStore=<PATH_TO_TRUST_STORE_FILE> -Djavax.net.ssl.trustStorePassword=<PASSWORD>"

As an example. Please note that the PATH_TO_TRUST_STORE_FILE file must contain the WSO2 server's certificate.

If your WSO2 server's certificate's CN value is not equal to the WSO2 server's hostname, you would probably be hit by the following error as well:

hostname in certificate didn't match: !=

So, you need to make sure the CN is equal to the hostname as well.

Upvotes: 3
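
The two conditions in the answer above (the truststore must contain the server's certificate, and its CN must equal the hostname), as an added example that is not part of the original post. The function names are hypothetical, and every keystore path, alias and password is a caller-supplied placeholder; only standard `keytool` options are used.

```shell
# Added example: keystore paths, aliases and passwords are caller-supplied
# placeholders, and the function names are hypothetical.
KT_LANG="-J-Duser.language=en"   # keep keytool output in English for parsing

# build_truststore SRC_KEYSTORE SRC_PASS ALIAS TRUSTSTORE TRUST_PASS
# Copies only the public certificate into the truststore; the private key
# stays in the server's keystore.
build_truststore() {
  local src="$1" src_pass="$2" entry="$3" trust="$4" trust_pass="$5" pem rc=0
  pem=$(mktemp) || return 1
  { keytool $KT_LANG -exportcert -rfc -alias "$entry" \
      -keystore "$src" -storepass "$src_pass" -file "$pem" >/dev/null 2>&1 &&
    keytool $KT_LANG -importcert -noprompt -alias "$entry" -file "$pem" \
      -keystore "$trust" -storepass "$trust_pass" >/dev/null 2>&1; } || rc=$?
  rm -f "$pem"
  return "$rc"
}

# trusted_cn TRUSTSTORE TRUST_PASS ALIAS
# Prints the CN from the "Owner:" (subject) line of the trusted certificate.
trusted_cn() {
  keytool $KT_LANG -list -v -alias "$3" -keystore "$1" -storepass "$2" 2>/dev/null |
    sed -n 's/^Owner: .*CN=\([^,]*\).*/\1/p' | head -n 1
}

# cn_matches_host TRUSTSTORE TRUST_PASS ALIAS HOSTNAME
# Succeeds only if the CN equals the hostname the client connects to
# (compared case-insensitively); a mismatch is the second error in the answer.
cn_matches_host() {
  local cn want
  cn=$(trusted_cn "$1" "$2" "$3" | tr '[:upper:]' '[:lower:]')
  want=$(printf '%s' "$4" | tr '[:upper:]' '[:lower:]')
  [ -n "$cn" ] && [ "$cn" = "$want" ]
}

# Usage, with placeholders for the values of your own installation:
#   build_truststore <IS_KEYSTORE> <IS_PASS> <ALIAS> <PATH_TO_TRUST_STORE_FILE> <PASSWORD>
#   cn_matches_host <PATH_TO_TRUST_STORE_FILE> <PASSWORD> <ALIAS> <IS_HOSTNAME> \
#     || echo "CN does not match hostname"
```

Passwords given as arguments are visible in the process list while `keytool` runs, which matters on shared hosts.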
