自签名证书设置后，自注册在 wso2is 5.11.0 中不起作用 [英] Self Register doesn't work in wso2is 5.11.0 after self-signed certificate setup

问题描述

在 wso2is 5.11.0 中，用户尝试自行注册会导致javax.net.ssl.SSLException:证书中的主机名不匹配:!= ........."；例外.如果向后移植到 5.10.0，具有相同密钥库和信任库的相同配置可以正常工作.

In wso2is 5.11.0 user trying to self register cause a "javax.net.ssl.SSLException: hostname in certificate didn't match: != ........." exception. The same configuration with same keystore and trust-store works fine if backported to 5.10.0.

谢谢弗朗切斯科

推荐答案

在 WSO2 IS-5.11 中，内部 API 调用的服务器主机名默认配置为 localhost.此配置用于构建服务端点的内部绝对 URL，该 URL 将在将生成内部 API 调用的地方使用.如果您要为评估配置主机名(当没有负载均衡器或代理时)，您可以按照此操作.

In WSO2 IS-5.11, the server hostname for internal API calls is by default configured as localhost. This configuration is utilized to build the internal absolute URL of a service endpoint, which will be consumed at places that will generate internal API calls. If you are configuring the hostname for evaluations (when there is no load balancer or proxy) you can follow this.

• 添加localhost"作为证书的 SAN (-ext SAN=dns:localhost)

这是一个示例密钥库生成:

Here is a sample keystore generation:

keytool -genkey -alias newcert -keyalg RSA -keysize 2048 -keystore newkeystore.jks -dname "CN=wso2is.local, OU=Is,O=Wso2,L=SL,S=WS,C=LK" -storepass mypassword -keypass mypassword -ext SAN=dns:localhost

此外，如果您使用单节点部署(没有负载均衡器或代理)而不是添加 SAN，请将 internal_hostname 值定义为与 hostname 值相同将解决此问题

Also, if you are using single-node deployment(there is no load balancer or proxy) instead of adding SAN, defining internal_hostname value as the same as hostname value will resolve this issue

[server]
hostname = "is.dev.wso2.com"
internal_hostname = "is.dev.wso2.com"

这篇关于自签名证书设置后，自注册在 wso2is 5.11.0 中不起作用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！