Reputation: 71
SSL Certificate configuration for WSO2 API 3.2
I'm currently trying to configure our WSO2 API Manager 3.2 to use our SSL certificate.
I followed the documentation "Creating a New Keystore" and "Configuring Keystores in API Manager".
I have updated the deployment.toml file:
[server]<br>
hostname = "myserver001.internal.net"
....
[keystore.tls]
file_name = "myKeystore.jks"
type = "JKS"
password = "secretpassword"
alias = "myserver001.internal.net"
key_password = "secretpassword"
[keystore.primary]
file_name = "wso2carbon.jks"
type = "JKS"
password = "wso2carbon"
alias = "wso2carbon"
key_password = "wso2carbon"
The servername is set to myserver001.
The domain name myserver001.internal.net is set in the host file.
After restarting the WSO2 APIM server an exception message is thrown:
SSLException: hostname in certificate didn't match:
<localhost> != <myserver001.internal.net> OR <myserver001.internal.net>
Does anyone knows what I have to change additionally, to come around this error or where I can find additional documentation?
Any help is appreciated
Upvotes: 2
Views: 1641
Answers (2)
Reputation: 116
I was in the exact same situation :
- Migration from v2.6.0 to v3.2.0
- Valid certificate
- SSLException: hostname in certificate didn't match
I tried a lot of things, but after a lot of researches, I'd say that there is two possibilities :
- It's a bug
- It's a documentation problem, and we have to edit more things to make our certificate work
I believe that you changed the Dhttpclient.hostnameVerifier to another value than "AllowAll". See the doc about hostname verification.
It's just a workaround and it's probably not that secure, but you'll have to put back the default value for Dhttpclient.hostnameVerifier to avoid this error :
service wso2am-3.2.0 stop
nano /usr/lib/wso2/wso2am/3.2.0/bin/wso2server.sh
-Dhttpclient.hostnameVerifier=AllowAll \
service wso2am-3.2.0 start
Upvotes: 0
Reputation: 376
Looks this is due to the missing service_url of TM/Event hub config. So can you add/update the following config?
[apim.throttling]
...
service_url = "https://myserver001.internal.net:9443/services/"
Upvotes: 1
Related Questions
- WSO2 api manager and endpoint HTTPS
- wso2-am https API
- Mutual SSL in WSO2 API Manager 3.0.0
- Cant change WSO2 API-M Certificate for authenticating communication over SSL/TLS in Docker
- WSO2 APIM : adding SSL certificate for APIs endpoint using rest service
- wso2 apim 1.10.0 SSL communication
- SSL Configuration for WSO2
- WSO2 API Manager, invalid. unable to find valid certification path to requested target
- WSO2 APIM: PKIX path building failed while configuring an endpoint with self signed certificate
- wso2 API Manager | How to associate a client-certificate to backend / target endpoint