WSO2 - 3.2.0 - Docker - Create an API - Connection Error - wso2

I'm trying to create a new API from a rest service in WSO2 Publisher and I'm getting an error when I try to validate the endpoint:
When I go to log it shows the message:
[2021-03-30 22:09:54,744] ERROR - ApisApiServiceImpl Error occurred while sending the HEAD request to the given endpoint url:
java.net.ConnectException: Connection refused (Connection refused)
What am I doing wrong?
If I progress the creation when I try to test I get another error:
[2021-03-30 22:15:31,311] WARN - SourceHandler I/O error: Received fatal alert: certificate_unknown
[2021-03-30 22:15:31,351] WARN - ConnectCallback Connection refused or failed for : localhost/127.0.0.1:8888
[2021-03-30 22:15:31,353] WARN - EndpointContext Endpoint : CpoExecutorAPI--v1.0.0_APIproductionEndpoint with address http://localhost:8888/cpo-executor/dev will be marked SUSPENDED as it failed

Apart from the certificate issue, another possible cause for this error is network connectivity. Please make sure that there weren't any network issues while invoking the request and the network connectivity was stable. Also, please check whether you can directly connect to the provided endpoint URL and get the responses without any issues.

WARN - SourceHandler I/O error: Received fatal alert: certificate_unknown
With the above-mentioned warning, we can suspect there is an issue with certificates.
Therefore, if you have made any recent certificate changes in your environment can you check whether the required certs are available in the API Manager Keystore?
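
The two causes discussed in the answers above (certificate trust and network connectivity) can be separated mechanically from the gateway log. The following is an added example, not code from the original thread or from WSO2; the `triage` function and its cause labels are assumptions, and the sample input is the three WARN lines quoted in the question.

```python
import re
from collections import defaultdict

# Carbon log layout used in this thread: "[timestamp] LEVEL - Component message"
LINE = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+(?P<level>[A-Z]+)\s+-\s+(?P<comp>\S+)\s+(?P<msg>.*)$")
# Connection targets are logged as "hostname/ip:port"
ADDR = re.compile(r"[\w.\-]+/(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)")

# Message fragment -> cause label (labels are this example's own, not WSO2 terms)
CAUSES = [
    ("certificate_unknown", "tls-trust"),        # peer sent a TLS alert about the certificate
    ("Connection refused", "tcp-connect"),       # nothing listening at the target
    ("marked SUSPENDED", "endpoint-suspended"),  # consequence of the failures above
]

def triage(lines):
    """Group log records by probable cause; lines that do not parse are skipped."""
    buckets = defaultdict(list)
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # e.g. stack-trace lines
        for fragment, cause in CAUSES:
            if fragment not in m["msg"]:
                continue
            rec = {"ts": m["ts"], "level": m["level"], "component": m["comp"]}
            addr = ADDR.search(m["msg"])
            if addr:
                rec["target"] = f'{addr["ip"]}:{addr["port"]}'
                # In a container, a loopback target is the container itself,
                # not the Docker host.
                rec["loopback"] = addr["ip"].startswith("127.")
            buckets[cause].append(rec)
            break
    return dict(buckets)

# The three WARN lines quoted in the question above
SAMPLE = [
    "[2021-03-30 22:15:31,311] WARN - SourceHandler I/O error: Received fatal alert: certificate_unknown",
    "[2021-03-30 22:15:31,351] WARN - ConnectCallback Connection refused or failed for : localhost/127.0.0.1:8888",
    "[2021-03-30 22:15:31,353] WARN - EndpointContext Endpoint : CpoExecutorAPI--v1.0.0_APIproductionEndpoint "
    "with address http://localhost:8888/cpo-executor/dev will be marked SUSPENDED as it failed",
]

if __name__ == "__main__":
    for cause, records in triage(SAMPLE).items():
        print(cause, records)
```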

Related

WSO2 APIM update ballerina certificate

I configured APIM with the built-in Identity Server inside a Kubernetes cluster. Everything was working fine, but recently we got an error related to an expired certificate:
2021-07-29 14:30:35,308 INFO [wso2/gateway/src/gateway/utils] - [APIGatewayListener] [-] HTTP listener is active on port 9090
[ballerina/http] started HTTPS/WSS listener 0.0.0.0:9095
2021-07-29 14:30:35,310 INFO [wso2/gateway/src/gateway/utils] - [APIGatewayListener] [-] HTTPS listener is active on port 9095
2021-07-29 14:31:31,816 INFO [wso2/gateway/src/gateway/utils] - [NotificationEventListener] [-] Recieved event with type : SUBSCRIPTIONS_CREATE
2021-07-29 14:31:59,940 ERROR [ballerina/jwt] - Public key certificate validity period has passed.
2021-07-29 14:31:59,943 ERROR [ballerina/jwt] - JWT validation failed. : error {ballerina/jwt}Error message=Public key certificate validity period has passed.
2021-07-29 14:31:59,945 ERROR [wso2/gateway/src/gateway/utils] - Failed to authenticate with jwt auth provider. : error {ballerina/auth}Error message=JWT validation failed. cause=error {ballerina/jwt}Error message=Public key certificate validity period has passed.
Configmap to deploy certificate
After that I got another error, related to signature validation failing:
2021-07-29 19:16:42,517 ERROR [ballerina/jwt] - JWT signature validation has failed.
2021-07-29 19:16:42,517 ERROR [ballerina/jwt] - JWT validation failed. : error {ballerina/jwt}Error message=JWT signature validation has failed.
2021-07-29 19:16:42,518 ERROR [wso2/gateway/src/gateway/utils] - Failed to authenticate with jwt auth provider. : error {ballerina/auth}Error message=JWT validation failed. cause=error {ballerina/jwt}Error message=JWT signature validation has failed.
I guess I need to add this new cert to some part of APIM, or probably need to add it to the keystore. Can you help here please?

WSO2 3.2.0 - Publish an API - ERROR - APIGatewayManager Error

I have a docker environment running openldap, mysql, wso2is and wso2am. I'm trying to publish an API using API Manager Publisher and I'm facing the following error:
docker log:
[2021-03-18 21:40:32,764] INFO - CarbonAuthenticationUtil 'admin#wso2.com#carbon.super [-1234]' logged in at [2021-03-18 21:40:32,764+0000]
[2021-03-18 21:40:32,899] ERROR - APIGatewayManager Error occurred when publish to gateway Production and Sandbox
org.apache.axis2.AxisFault: Error while Deploying API
at org.wso2.carbon.apimgt.impl.utils.APIGatewayAdminClient.deployAPI_aroundBody14(APIGatewayAdminClient.java:215) ~[org.wso2.carbon.apimgt.impl_6.7.206.jar:?]
Caused by:
at java.lang.Thread.run(Thread.java:834) [?:?]
Caused by: org.apache.axis2.AxisFault: Error while obtaining API information from gateway. null
at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:531) ~[axis2_1.6.1.wso2v41.jar:?]
More info:
[2021-03-18 21:40:33,178] INFO - DataBridge user admin#wso2.com connected
[2021-03-18 21:40:33,187] ERROR - DataEndpointConnectionWorker Error while trying to connect to the endpoint. Cannot borrow client for ssl://172.29.0.5:9712.
org.wso2.carbon.databridge.agent.exception.DataEndpointLoginException: Cannot borrow client for ssl://172.29.0.5:9712.
[2021-03-18 21:40:33,234] INFO - CarbonAuthenticationUtil 'admin#wso2.com#carbon.super [-1234]' logged in at [2021-03-18 21:40:33,233+0000]
[2021-03-18 21:40:33,264] ERROR - APIGatewayManager Error occurred when check api is published on gatewayProduction and Sandbox
Where is port 9712 for SSL defined? Because I don't have this port available on Docker:
wso2am:3.2.0-alpine "/home/wso2carbon/wa…" 7 days ago Up 12 minutes (healthy) 0.0.0.0:8243->8243/tcp, 5672/tcp, 9099/tcp, 0.0.0.0:8280->8280/tcp, 9443/tcp, 9611/tcp, 9711/tcp, 9763/tcp, 9999/tcp, 11111/tcp, 0.0.0.0:9444->9444/tcp
I'm using WSO2 IS as key manager and the integration is working. Now my problem is only when I try to publish an API.
wso2is:5.10.0-alpine
wso2am:3.2.0-alpine
PS: I have disabled network from docker-compose to not have host problems.
Issue 01:
Caused by: org.apache.axis2.AxisFault: Error while obtaining API information from gateway. null
The above error can be seen most probably due to a connection issue between the Publisher and the Gateway server/s.
To resolve this, you may need to validate the Gateway configuration in the Publisher node. To do that, open the <PUBLISHER_HOME>/repository/conf/deployment.toml file and check whether the following configuration is correct.
[[apim.gateway.environment]]
service_url = "https://<hostname_of_the_GW>:9443/services/"
Issue 02:
ERROR - DataEndpointConnectionWorker Error while trying to connect to the endpoint. Cannot borrow client for ssl://172.29.0.5:9712.
org.wso2.carbon.databridge.agent.exception.DataEndpointLoginException: Cannot borrow client for ssl://172.29.0.5:9712.
The above error indicates that the 9712 port is not accessible. This 9712 is the default port which is started by BinaryDataReceiver for Binary SSL Transport and it will be used to authenticate data published to the Traffic Manager. Therefore, you need to make this port available.

WSO2 API Manager - Sample PizzaShackAPI is not working

I am new to WSO2 API Manager. I followed the Quick Start Guide to learn by deploying sample PizzaShackAPI.
https://docs.wso2.com/display/AM210/Quick+Start+Guide
As I click "Try It Out!", I am not getting the correct response as mentioned in the guide.
I am getting the below response and there is no log in the console initially.
Response Code
0
Response Headers
{
"error": "no response from server"
}
After I added Self Signed Certificate in Firefox as Add Exception, I am getting the below error in the console,
[2017-03-01 15:06:51,309] ERROR - SourceHandler I/O error: An established connection was aborted by the software in your host machine
java.io.IOException: An established connection was aborted by the software in your host machine
at sun.nio.ch.SocketDispatcher.read0(Native Method)
at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:43)
at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:223)
at sun.nio.ch.IOUtil.read(IOUtil.java:197)
at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:380)
at org.apache.http.nio.reactor.ssl.SSLIOSession.receiveEncryptedData(SSLIOSession.java:371)
I guess it may be a certificate configuration issue. Please help me to resolve this issue.
I tried with creating my own API. Facing the same issue.
The error message "error": "no response from server" on the API console is mostly due to a CORS error. Could you please check your browser console and see the error there? Most likely you will see an error related to CORS.
Note: these changes are not advised for a production environment; for a production environment you want to provide all relevant information instead of allow all (*).
To allow all headers and origins, edit repository/conf/api-manager.xml and change the values for the following:
<Access-Control-Allow-Headers>*</Access-Control-Allow-Headers>
<Access-Control-Allow-Origin>*</Access-Control-Allow-Origin>
The second change is to allow all host names and avoid any certificate host name validation.
Edit /repository/conf/axis2/axis2.xml, uncomment HostnameVerifier and change the value to AllowAll.
<parameter name="HostnameVerifier">AllowAll</parameter>
Restart API Manager and test again.
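
Because the answer above marks these settings as not advised for production, a pre-deployment check can flag them in the two files it names. This is an added example, not part of the original answer or of WSO2; the function names are hypothetical and the XML fragments are constructed, with their wrapper elements assumed for illustration.

```python
import xml.etree.ElementTree as ET

CORS_TAGS = ("Access-Control-Allow-Origin", "Access-Control-Allow-Headers")

def audit_cors(api_manager_xml):
    """Return the CORS elements whose value is the allow-all wildcard."""
    root = ET.fromstring(api_manager_xml)
    return [el.tag for tag in CORS_TAGS for el in root.iter(tag)
            if (el.text or "").strip() == "*"]

def audit_hostname_verifier(axis2_xml):
    """Return active HostnameVerifier parameters set to AllowAll.
    The parser drops XML comments, so a commented-out parameter is not reported."""
    root = ET.fromstring(axis2_xml)
    return [(p.text or "").strip() for p in root.iter("parameter")
            if p.get("name") == "HostnameVerifier"
            and (p.text or "").strip() == "AllowAll"]

# Constructed fragment: the settings as changed in the answer above
DEV_API_MANAGER = """<APIManager><CORSConfiguration>
  <Access-Control-Allow-Origin>*</Access-Control-Allow-Origin>
  <Access-Control-Allow-Headers>*</Access-Control-Allow-Headers>
</CORSConfiguration></APIManager>"""
DEV_AXIS2 = """<axisconfig><transportSender name="https">
  <parameter name="HostnameVerifier">AllowAll</parameter>
</transportSender></axisconfig>"""

# Constructed fragment: explicit values, HostnameVerifier left commented out
PROD_API_MANAGER = """<APIManager><CORSConfiguration>
  <Access-Control-Allow-Origin>https://devportal.example.com</Access-Control-Allow-Origin>
  <Access-Control-Allow-Headers>authorization,Content-Type</Access-Control-Allow-Headers>
</CORSConfiguration></APIManager>"""
PROD_AXIS2 = """<axisconfig><transportSender name="https">
  <!-- <parameter name="HostnameVerifier">AllowAll</parameter> -->
</transportSender></axisconfig>"""

if __name__ == "__main__":
    for label, am, ax in (("dev", DEV_API_MANAGER, DEV_AXIS2),
                          ("prod", PROD_API_MANAGER, PROD_AXIS2)):
        print(label, audit_cors(am), audit_hostname_verifier(ax))
```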

WSO2 API Manager Received fatal alert: handshake_failure

Using WSO2 API Manager (V1.10), I published an API and I imported the SSL certificate to client-truststore.jks. But when I call this API, I'm receiving this error:
2016-07-11 11:42:11,296 [-] [HTTPS-Sender I/O dispatcher-7] ERROR TargetHandler I/O error: Received fatal alert: handshake_failure
javax.net.ssl.SSLException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1650)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1618)
at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1787)
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1071)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:893)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:767)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doUnwrap(SSLIOSession.java:228)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:263)
at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:391)
at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:119)
at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:159)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:338)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:316)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:277)
at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:105)
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:586)
at java.lang.Thread.run(Thread.java:745)
I suspect your API calling client program does not have the API server's certificate. (Usually you import your certificate into your JRE's cacerts or other trust store.)
But when I call this API, I'm receiving this error:
When you call this API, did this API calling client program (Java, for example) also get this WSO2 server's certificate imported? This may solve your problem.
According to the error log, this happens in the HTTP sender, i.e. when API Manager invokes the back-end. If your backend is "HTTPS", you need to import its public certificate to the truststore of APIM.
Had same issue in Java 1.7. Java 1.8 has resolved my problem

JBossWS 3.3.1 upgrade client returns HTTP 404 Not Found exception

Web service - Service is on WAS v7. Client is on JBoss v5. We recently upgraded to JBossWS 3.3.1. Since then the client is unable to communicate with the service on WAS.
Without any changes to code, we get the below exception
2012-01-19 14:42:15,317 ERROR [org.jboss.ws.core.jaxws.SOAPFaultHelperJAXWS]->error#419 (ajp-cwsappdev01%2F205.132.14.29-8109-1)
SOAP request exception java.io.IOException:
Error initializing socket factory SSL context: Can not find truststore url.
Added the following lines of code to the client:
((BindingProvider) impl).getRequestContext().put(StubExt.PROPERTY_KEY_STORE, "/usr/local/jee/.../cacerts");
((BindingProvider) impl).getRequestContext().put(StubExt.PROPERTY_KEY_STORE_PASSWORD, "*****");
((BindingProvider) impl).getRequestContext().put(StubExt.PROPERTY_CHUNKED_ENCODING_SIZE, "0");
After making the code change, am getting the below error:
Caused by: org.jboss.ws.WSException: Invalid HTTP server response [404] - Not Found
Any ideas? I added the chunked encoding property, as WAS does not support it properly. Any other incompatibility between JBoss and WebSphere App Server?
Thanks for your help in advance!
==================
I made some code changes and am now getting the below message. I use JBossWS-Native 3.3.1 and JAX-WS 2.1 versions. Does any one know how I can disable chunked encoding in JBoss?
File standard-jaxws-client-config.xml moved into one of the JBoss core JARs - updating it would need me to 'unjar' - edit file - and jar back again.
2012-01-24 10:35:57,930 WARN [org.jboss.ws.core.client.transport.NettyClient]->warn#352 (ajp-cwsappdev01%2F205.132.14.29-8109-4) Can't set chunk size from call properties, illegal value provided!
2012-01-24 10:35:58,001 ERROR [org.jboss.ws.core.CommonClient]->error#419 (ajp-cwsappdev01%2F205.132.14.29-8109-4) Exception caught while (preparing for) performing the invocation:
java.io.IOException: Could not transmit message
at org.jboss.ws.core.client.transport.NettyClient.invokeInternal(NettyClient.java:229)
at org.jboss.ws.core.client.transport.NettyClient.invoke(NettyClient.java:121)
at org.jboss.ws.core.client.HTTPRemotingConnection.invoke(HTTPRemotingConnection.java:150)
at org.jboss.ws.core.client.SOAPProtocolConnectionHTTP.invoke(SOAPProtocolConnectionHTTP.java:69)
at org.jboss.ws.core.CommonClient.invoke(CommonClient.java:369)
at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:302)
at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:181)
at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:161)
at $Proxy796.getCWSAccount(Unknown Source)
Cause: Although the client had the port specified as 8004 in the endpoint URL, when the request hit the service it was coming in for port 443. We moved/"attached" the service to port 443 and the web server was able to map it to the right application. Will need to figure out why/where the endpoint was changed from 8004 to 443.