设置 WSO2 EMM [英] Setting up WSO2 EMM
问题描述
我正在尝试设置 WSO2 EMM V2.0.1.我能够在我的实时服务器上设置它并按照此处提供的所有说明 WSO2 Getting开始直到我得到 配置 Android BKS 我配置了所有提供的设置,并且我的 https 工作正常.所以,然后我开始添加一个用户,我注意到的第一件事是 Email Configuration 不起作用.所以,我不能用那里的电子邮件添加用户.然后我注意到我什至无法注册用户.我尝试使用 username: admin, password: password 在移动设备上测试用户登录,当我使用模拟器进行测试,然后当我使用真实设备时,我得到了这个 No peer certificate.这是我的 URL SELF EMM URL.经过一些调试,我注意到它调用了这个 URL 并传递了这个参数 {applicationType":device",callbackUrl":",clientName":355972050729590",grantType":password refresh_token",owner":admin";,"tokenScope":"production"} 但它不会在 Android 上添加用户.我有一个被错误删除的 WSO2 v1 实例.但是,我需要恢复它.我在这里查看配置
I am trying to setup WSO2 EMM V2.0.1. I was able to set it up on my live server and follow all the instruction provided from here WSO2 Getting Started till I got to Configuring Android BKS I configured all settings provided and my https which is working fine. So, I then moved to adding a User, first thing I noticed was that Email Configuration not working. So, I can't add users with there email. Then I noticed that I can't even enrol users. I tried to test user login on the mobile device using username: admin, password: password and I'm getting this error Trust anchor for certification path not found when I use an emulator to test and then when I use a real device, I was getting this No peer certificate. This is my URL SELF EMM URL. After some debugging, I noticed it calls this URL and pass this parameter {"applicationType":"device","callbackUrl":"","clientName":"355972050729590","grantType":"password refresh_token","owner":"admin","tokenScope":"production"} but it wouldn't add a user on Android. I've an instance of WSO2 v1 which was mistakenly deleted. But, I need to get it back up. And I was looking at the configuration here
public static boolean DEBUG_MODE_ENABLED = false;
public static boolean LOCAL_NOTIFICATIONS_ENABLED = true;
public static boolean GCM_ENABLED = false;
public static String SERVER_IP = "";
public static String SERVER_PORT = "9443";
public static String SERVER_PROTOCOL = "https://";
public static String API_VERSION = "1.0.0";
public static String SERVER_APP_ENDPOINT = "/EMM/api/";
public static String OAUTH_ENDPOINT = "/oauth2/token";
public static String SENDER_ID_ENDPOINT = "devices/sender_id/";
public static String IS_REGISTERED_ENDPOINT = "devices/isregistered/";
public static String LICENSE_ENDPOINT = "devices/license/";
public static String REGISTER_ENDPOINT = "devices/register/";
public static String UNREGISTER_ENDPOINT = "devices/unregister/";
public static String NOTIFICATION_ENDPOINT = "notifications/pendingOperations/";
public static String SERVER_URL = SERVER_PROTOCOL + SERVER_IP + ":" + SERVER_PORT + SERVER_APP_ENDPOINT; <-- There's nothing like this in the Constants.java class
public static final String TRUSTSTORE_PASSWORD = "";
public static final String EULA_TITLE = "POLICY AGREEMENT";
并非所有都在 Constant.java 类中,而且很多都未使用.如果 HTTPS 是问题,我想切换到 http.我无法切换,我仍然收到 Timeout 错误.我尝试了用于 HTTPS 的 40.68.228.207:9443 和用于 HTTP 的 40.68.228.207:9763 两者都给了我没有对等证书.请帮助我.
Not all are in the Constant.java class and many which are unused. If HTTPS is the problem, I would like to switch to http. I can't switch, I still get a Timeout error. And I tried both 40.68.228.207:9443 which is for HTTPS and 40.68.228.207:9763 which is for HTTP both are giving me No peer certificate. Please HELP ME.
你说,在这里更改电子邮件消息
You said, change email Message here
通过导航到位于 其中没有notification-messages.xml 存在于指定的整个目录中
Customize the email that is being sent out by navigating to the notification-messages.xml file, which is in the <EMM_HOME>/repository/conf directory. whereby there's nowhere where notification-messages.xml exist in the whole directory specified
我的防火墙配置
*过滤器
-A 输入 -i lo -j 接受-A 输入 -d 127.0.0.0/8 -j 拒绝-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT-A 输出 -j 接受
-A INPUT -i lo -j ACCEPT -A INPUT -d 127.0.0.0/8 -j REJECT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A OUTPUT -j ACCEPT
-A 输入 -p tcp --dport 80 -j 接受-A 输入 -p tcp --dport 8080 -j 接受-A 输入 -p tcp --dport 27017 -j 接受-A 输入 -p tcp --dport 1410 -j 接受-A 输入 -p tcp --dport 1450 -j 接受-A 输入 -p tcp --dport 9443 -j 接受-A 输入 -p tcp --dport 9763 -j 接受-A 输入 -p tcp --dport 443 -j 接受-A 输入 -p tcp --dport 1400 -j 接受
-A INPUT -p tcp --dport 80 -j ACCEPT -A INPUT -p tcp --dport 8080 -j ACCEPT -A INPUT -p tcp --dport 27017 -j ACCEPT -A INPUT -p tcp --dport 1410 -j ACCEPT -A INPUT -p tcp --dport 1450 -j ACCEPT -A INPUT -p tcp --dport 9443 -j ACCEPT -A INPUT -p tcp --dport 9763 -j ACCEPT -A INPUT -p tcp --dport 443 -j ACCEPT -A INPUT -p tcp --dport 1400 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A 输入 -p icmp -j 接受
-A INPUT -p icmp -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied:"--log-level 7
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set-A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m 最近 --update --seconds 60 --hitcount 15 -j D$
-A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 15 -j D$
-A 输入 -j 删除-A FORWARD -j 删除
-A INPUT -j DROP -A FORWARD -j DROP
提交
推荐答案
如果您已经按照文档中的 IOS 配置进行操作 这里.请按照以下步骤将已获取的 ssl 证书包含到密钥库中.
If you have follow the IOS configuration as documented here. Please take the following steps to including the ssl certificates who have acquired in to the keystore.
将下载的证书转换为 .pem 文件.openssl x509 -in -out 示例:
openssl x509 -in rootcert.crt -out root.pem
openssl x509 -in intermidiatecert.crt -out inter.pem
使用根证书和中间证书创建证书链.
cat <CERTIFCATE 1> <CERTIFICATE 2> ... >> <CERTIFICATE CHAIN>
例子:
cat root.pem inter.pem >> clientcertchain.pem
将 SSL 证书链文件导出为 PKCS12 文件,别名为wso2carbon".
openssl pkcs12 -export -out <KEYSTORE>.p12 -inkey <RSA_key>.key -in ia.crt -CAfile ca_cert.pem -name "<alias>"
例子:
openssl pkcs12 -export -out KEYSTORE.p12 -inkey ia.key -in ia.crt -CA file clientcertchain.pem -name "wso2carbon"
将生成的p12文件导入/repository/resources/security目录下的wso2carbon.jks和client-truststore.jks.keytool -importkeystore -srckeystore .p12 -srcstoretype PKCS12 -destkeystore 示例:
keytool -importkeystore -srckeystore KEYSTORE.p12 -srcstoretype PKCS12 -destkeystore wso2carbon.jks
keytool -importkeystore -srckeystore KEYSTORE.p12 -srcstoretype PKCS12 -destkeystore client-truststore.jks
<小时>
注意:
出现提示时,输入密钥库密码和密钥库密钥密码为 wso2carbon.当提示替换与 wso2carbon 同名的现有条目时,输入 yes.
NOTE:
When prompted, enter the keystore password and keystore key password as wso2carbon.
When prompted to replace an existing entry that has the same name as wso2carbon, enter yes.
这篇关于设置 WSO2 EMM的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
