Reputation: 21
WSO2 AM Host name verification failed for host
I am new to the WSO2 AM, so I am not sure if this is the right place for my question. Nevertheless. . . I have recently installed WSO2 AM and published a new API.
At first, everything worked as expected (I deploy the API using "localhost" as the hostname for the wso2am)
Then, I change the hostname used by the product following the instructions detailed here: https://docs.wso2.com/display/AM210/Changing+the+Hostname Now I am able to access the wso2am using the new hostname but I'm not able to use the published API because I get the following error:
2019-09-06 15:16:18,674 [-] [HTTPS-Sender I/O dispatcher-1] ERROR TargetHandler I/O error: Host name verification failed for host : localhost javax.net.ssl.SSLException: Host name verification failed for host : localhost
I have followed these instructions (WSO2 ESB Axis2 Service throwing Host name verification failed for host) to disable the hostname verification and then, the API worked again (I changed the parameter "HostnameVerifier" to “AllowAll” on the axis2.xml configuration file)
However, the security guidelines for deploying a WSO2 product in a production environment said I should enable HostName Verification.
Is there another configuration that I am missing for this to work as expected?
Upvotes: 2
Views: 3202
Answers (2)
Reputation: 19
This error is caused when the server URL is not aligned with its certificate. In a standalone APIM pack, the default keystore has the certificate CN as 'localhost'. In order to use ur HOSTNAME as the hostname you would have to create a new keystore with the new hostname as mentioned in WSO2 Admin guide / Creating New Keystores. Also the new hostname should be added to /etc/hosts. Could you try this and check.
Upvotes: 1
Reputation: 4001
In a production environment, the recommended approach is to enable hostname verification and use a proper certificate for the hostnames. WSO2's default Keystore contains the self-signed certificate and for production, it is recommended to change the Keystore. Please go through these security guidelines which not only talks about Keystores but some other important stuff. https://docs.wso2.com/display/ADMIN44x/Security+Guidelines+for+Production+Deployment
Upvotes: 0
Related Questions
- WSO2 API Manager(wso2am-4.0.0) - "Registered callback does not match with the provided url" in a distributed setup
- Why WSO2 API Manager gives Hostname verification failed while getting the token?
- WSO2 API Manager Received fatal alert: handshake_failure
- hostname in certificate didn't match:<>!=<> WSO2 APIM
- WSO2 - access token validation failed error message returned when making API calls
- WSO2 API Manager "error": "no response from server"
- wso2: Error while accessing backend services for API key validation
- WSO2 API Manager : API Creation Issue
- Scope validation fails when running the (new) published API of WSO2 AM 1.10.0
- Wso2 API Manager ERROR_CODE = 101508, Error in Sender