SSL连接导致javax.net.ssl.SSLException:证书中的主机名不匹配(WSO2 Api Manager/Tomcat) [英] SSL-Connection causes javax.net.ssl.SSLException: hostname in certificate didn't match (WSO2 Api Manager / Tomcat)

问题描述

我目前正在设置一个Docker化的WSO Api Manager.我们已经为我们的域获取了通配符证书.我成功地将其转换为Java密钥库，并替换了两个jks文件.

I am currently setting up a dockerized WSO Api Manager. We have got a wildcard certificates for our domain. I successfully transformed it into a java keystore and replaced the two jks files.

当我打开API管理器时，没有收到ssl警告，浏览器将我的连接标记为安全.

When I open the API manager, I get no ssl warnings and the browser marks my connection as secure.

当我尝试登录时出现错误:

When I try to login I get an error :

在日志文件中，我得到:

In the log files I get :

TID: [-1234] [] [2017-03-24 11:37:55,305]  INFO     
     {org.apache.axis2.transport.http.HTTPSender} - Unable to sendViaPost   
     to    url[https://localhost:9443/services/AuthenticationAdmin]  
     {org.apache.axis2.transport.http.HTTPSender}
javax.net.ssl.SSLException: hostname in certificate didn't match: 
     <localhost> != </*.mydomain.io/mydomain.io/*.mydomain.io>
     at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:341)
     at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:277)

服务器似乎正在尝试与本地主机建立SSL连接.那么，如何才能将匹配的证书添加到允许本地访问的密钥库中?

It looks like the Server is trying to do SSL connections to localhost. So how can I add a matching certificate to the keystore allowing localhost access?

非常感谢！

推荐答案

在 api-manager.xml 文件中，更改 localhost 的所有引用以匹配您的域名，然后重新启动，应该会很好.

In the api-manager.xml file , change all references of localhost to match your domain name , restart , and it should be good.

设置

<parameter name="HostnameVerifier">AllowAll</parameter>

存在安全隐患，存在主机名验证是有原因的.

is a security risk , Hostname Verification is there for a reason.

这篇关于SSL连接导致javax.net.ssl.SSLException:证书中的主机名不匹配(WSO2 Api Manager/Tomcat)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！