Subscription workflow implementation in wso2 api manager 3.1.0 - wso2

I'm trying to achieve a WSO2 workflow implementation on WSO2 API Manager 3.1.0, but I'm unable to find the request coming to the admin portal.
Can anyone please help with this?
I followed the WSO2 official documentation. I tried the same in WSO2 API Manager 2.6.0 and it worked fine.
Versions using:
WSO2 API Manager 3.1.0 &
WSO2 EI 6.5.0
Note: No log was printed in the BPS server while trying this.
Logs in APIM are as follows:
[2020-09-21 21:40:59,988] ERROR - SubscriptionsApiServiceImpl Requested application not found
[2020-09-21 21:41:18,901] ERROR - SubscriptionsApiServiceImpl Requested application not found
[2020-09-21 21:42:12,318] INFO - CarbonAuthenticationUtil 'admin#carbon.super [-1234]' logged in at [2020-09-21 21:42:12,318+0530]
[2020-09-21 21:42:12,347] INFO - PermissionUpdater Permission cache updated for tenant -1234
[2020-09-21 21:42:12,387] INFO - CarbonAuthenticationUtil 'admin#carbon.super [-1234]' logged in at [2020-09-21 21:42:12,387+0530]
[2020-09-21 21:42:13,180] WARN - login:jag Not Retrieving Pending Tasks. Check BPS Connectivity. javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
[2020-09-21 21:42:13,346] WARN - login:jag Not Retrieving Pending Tasks. Check BPS Connectivity. javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed

"I'm trying to achieve wso2 workflow implementation on WSO2 API
Manager 3.1.0, I'm unable to find the request coming to the admin
portal."
[2020-09-21 21:42:13,180] WARN - login:jag Not Retrieving Pending Tasks. Check BPS Connectivity. javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
[2020-09-21 21:42:13,346] WARN - login:jag Not Retrieving Pending Tasks. Check BPS Connectivity. javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
To show the task list in the Admin portal, we need to import the certificate of API Manager into the client-truststore of the EI server and also import the certificate of EI server into the client-truststore of API Manager. As per the above logs you haven't done that.
Please follow the below steps to import and export certificates among APIM and EI servers.
Paths to the directory containing the client-truststore of each product are:
API-M - '<API-M_HOME>/repository/resources/security'
EI - '<EI_HOME>/wso2/business-process/repository/resources/security'
Export certificate from BPS and import to APIM
cd <EI_HOME>/wso2/business-process/repository/resources/security
keytool -export -alias wso2carbon -keystore wso2carbon.jks -file publickeyBPS.pem
Enter the password as wso2carbon when requested. This is the default password for keystores.
cp publickeyBPS.pem <API-M_HOME>/repository/resources/security
cd <API-M_HOME>/repository/resources/security
keytool -import -alias wso2bps -file publickeyBPS.pem -keystore client-truststore.jks -storepass wso2carbon
keytool -list -alias wso2bps -keystore client-truststore.jks -v
Export certificate from APIM and import to BPS
cd <API-M_HOME>/repository/resources/security
keytool -export -alias wso2carbon -keystore wso2carbon.jks -file publickeyAPIM.pem
Enter the password as wso2carbon when requested. This is the default password for keystores.
cp publickeyAPIM.pem <EI_HOME>/wso2/business-process/repository/resources/security
cd <EI_HOME>/wso2/business-process/repository/resources/security
keytool -import -alias wso2apim -file publickeyAPIM.pem -keystore client-truststore.jks -storepass wso2carbon
keytool -list -alias wso2apim -keystore client-truststore.jks -v
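The answer above reads the failure cause out of the exception text. The added example below (not from the original post or from WSO2) does the same for the TLS trust errors quoted on this page, separating the `signature check failed` case from a missing trust anchor, a name mismatch and a rejection by the remote end. The finding names, their wording and the sample log are constructed for illustration.

```python
import re
from collections import Counter

# (pattern, finding, meaning) -- first match wins, most specific pattern first.
RULES = [
    (re.compile(r"PKIX path validation failed.*signature check failed"),
     "anchor-key-mismatch",
     "local truststore has an entry with the issuer's name but a different key"),
    (re.compile(r"PKIX path building failed"),
     "no-trust-anchor",
     "local truststore has no entry for the peer's certificate or its issuer"),
    (re.compile(r"hostname in certificate didn't match|Host name verification failed"),
     "hostname-mismatch",
     "peer certificate is not issued for the address being called"),
    (re.compile(r"Received fatal alert: (?:unknown_ca|certificate_unknown)"),
     "rejected-by-peer",
     "the remote end could not validate the certificate this end presented"),
]
MISMATCH = re.compile(r"<([^>]+)> != (\S+)")  # "<requested> != name-in-certificate"

def diagnose(line):
    """Return (finding, meaning, detail) for one log line, or None if no rule fires."""
    for pattern, finding, meaning in RULES:
        if pattern.search(line):
            m = MISMATCH.search(line)
            detail = {"requested": m.group(1), "certificate": m.group(2)} if m else {}
            return finding, meaning, detail
    return None

def triage(log_text):
    """Count findings over a whole log; lines without a TLS trust failure are skipped."""
    hits = (diagnose(line) for line in log_text.splitlines())
    return Counter(hit[0] for hit in hits if hit)

# Constructed sample: messages in the form quoted on this page, one per line.
SAMPLE_LOG = """\
[2020-09-21 21:40:59,988] ERROR - SubscriptionsApiServiceImpl Requested application not found
[2020-09-21 21:42:13,180] WARN - login:jag Not Retrieving Pending Tasks. Check BPS Connectivity. javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
[2020-09-21 21:42:13,346] WARN - login:jag Not Retrieving Pending Tasks. Check BPS Connectivity. javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
http-nio-9443-exec-25, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLException: hostname in certificate didn't match: <192.168.3.27> != localhost
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
"""

if __name__ == "__main__":
    for finding, count in triage(SAMPLE_LOG).most_common():
        print(f"{count:>2}  {finding}")
```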

Related

WSO2 IS 5.10 Cannot borrow client for ssl://localhost:7712 - Solved

After adding the configuration to enable WSO2 IS-Analytics v5.8.0 in the deployment.toml file in the IS_HOME/repository/conf/ directory
https://is.docs.wso2.com/en/5.10.0/learn/configuring-identity-analytics/
and then running wso2server.bat in the IS_HOME/bin directory,
an error was found when trying to access the application in the service provider.
Any advice on how to fix the error?
Thank you
First step
Configure according to the following link for analytics https://is.docs.wso2.com/en/5.10.0/learn/configuring-identity-analytics/
Second step
Copy the wso2carbon.jks and the client-truststore.jks from IS distribution located at <IS-HOME>/repository/resources/security and replace the two in the IS-Analytics distribution at <IS-ANALYTICS-HOME>/resources/security
If you get a certificate error when accessing the analytics dashboard via the browser, you can try this solution:
keytool -import -alias wso2 -file "D:\localhost.pem" -keystore "C:\Program Files\WSO2\Identity Server\5.10.0\repository\resources\security\client-truststore.jks" -storepass wso2carbon
keytool -import -alias wso2 -file "D:\localhost.pem" -keystore "C:\Program Files\WSO2\wso2is-analytics-5.8.0\resources\security\client-truststore.jks" -storepass wso2carbon

Peer not authenticated when login on publisher or store

When logging into the /publisher or /store, I get the "Peer not authenticated" error.
To give more context, I created a new keystore and imported its .pem certificate into the client-truststore.jks and finally updated the SSL keystore configuration to use this new one, as written here: https://docs.wso2.com/display/ADMIN44x/Configuring+Keystores+in+WSO2+Products#Configuring%20keystores%20for%20SSL%20connections
WSO2 Log with SSL Debug enabled:
%% Invalidated: [Session-11, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384]
http-nio-9443-exec-25, SEND TLSv1.2 ALERT: fatal, description = certificate_unknown
http-nio-9443-exec-25, WRITE: TLSv1.2 Alert, length = 2
http-nio-9443-exec-25, called closeSocket()
http-nio-9443-exec-25, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
http-nio-9443-exec-25, IOException in getSession(): javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
http-nio-9443-exec-45, READ: TLSv1.2 Alert, length = 2
http-nio-9443-exec-45, RECV TLSv1.2 ALERT: fatal, certificate_unknown
http-nio-9443-exec-45, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
http-nio-9443-exec-45, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
http-nio-9443-exec-45, called closeOutbound()
http-nio-9443-exec-45, closeOutboundInternal()
http-nio-9443-exec-45, SEND TLSv1.2 ALERT: warning, description = close_notify
http-nio-9443-exec-45, WRITE: TLSv1.2 Alert, length = 2
TID: [-1234] [] [2020-03-10 15:03:32,866] INFO {org.wso2.carbon.core.internal.permission.update.PermissionUpdater} - Permission cache updated for tenant -1234 {org.wso2.carbon.core.internal.permission.update.PermissionUpdater}
TID: [-1234] [] [2020-03-10 15:03:32,898] INFO {org.apache.axis2.transport.http.HTTPSender} - Unable to sendViaPost to url[https://<serverPublicIP>:9443/services/AuthenticationAdmin] {org.apache.axis2.transport.http.HTTPSender}
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:450)
at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:276)
at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:186)
The keytool commands I used:
// Create the keystore
$ keytool -genkey -alias custom -keyalg RSA -keysize 2048 -keystore custom.jks -dname "CN=<myhostdomain>, OU=Home,O=Home,L=SL,S=WS,C=LK" -storepass wso2carbon -keypass wso2carbon
// Export the new keystore certificate
$ keytool -export -alias custom -keystore custom.jks -file custom.pem
// Import the new certificate into the client-truststore
$ keytool -import -alias custom -file custom.pem -keystore client-truststore.jks -storepass wso2carbon
Product Version:
APIM 2.6 (not using IS as Key Manager, just the stock WSO2 API Manager)
Consistently reproduced the issue on a clean installation. The problem was that I enabled the H2 database visualization in the browser, by changing this config in the carbon.xml (it was commented):
<H2DatabaseConfiguration>
<property name="web" />
<property name="webPort">8082</property>
<property name="webAllowOthers" />
</H2DatabaseConfiguration>
For some reason, this causes the "Peer not authenticated" error when logging in to the publisher or store.

How to Solve unknown_ca error on WSO2IS-5.7 when using MySQL RDS as backstore?

I've tried to install an instance on AWS using AWS RDS as
my datasource through mysql-connector-java-5.1.45-bin.jar
with the JDBC URL
jdbc:mysql://< instance>.< zone>.rds.amazonaws.com:3306/carbon_db
I've got an exception:
com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure
The last packet successfully received from the server was 7 milliseconds ago. The last packet sent successfully to the server was 7 milliseconds ago.
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:425)
.
.
.
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
I've tried to run
keytool -importcert -keystore <keystore> -storepass <pass> -noprompt -file rds-combined-ca-bundle.pem
on cacerts.jks in the JVM and client-truststore.jks inside the WSO2 repository, with no effect.
This happens since the public certificate from your DB connection is not trusted by the WSO2 Identity Server.
Since you have tried adding the certificate, verify whether this has been added properly.
Get the public certificate from your DB instance.
Go to the <IS_HOME>/repository/resources/security folder. Import the public certificate to the client-truststore.jks file. Use the command below.
keytool -importcert -file certificate.cer -keystore client-truststore.jks -alias "Alias"
Restart the wso2 IS instance and check if the issue still persists.
According to the MySQL connector documentation in [1], the following JDBC URL parameters should be included in the JDBC URL to enable SSL communication between the MySQL server and the WSO2 server.
useSSL=true
requireSSL=true
clientCertificateKeyStoreUrl
clientCertificateKeyStorePassword
I was able to successfully create the secure connection between MySQL server and the wso2 server with the below JDBC URL.
jdbc:mysql://<HOST_NAME>:<PORT>/apimgtdb?useSSL=true&requireSSL=true&clientCertificateKeyStoreUrl=file:<WSO2_HOME>/repository/resources/security/client-truststore.jks&clientCertificateKeyStorePassword=wso2carbon

WSO2 DAS: certificate didn't match

I installed WSO2 DAS Server on my LAN, but I can't create a new Dashboard because of this error:
javax.net.ssl.SSLException: hostname in certificate didn't match:
<192.168.3.27> != localhost
in log file here.
Please help and thanks
It happens because the certificate is for localhost, not for the domain that we run. For that we need to generate a new certificate with the specific domain and make configuration changes with the correct .jks file and correct password.
It will resolve the "certificate didn't match" error. We need to replace all the localhost in the portal folder. If I have worked like these and fixed with gaudiness. For more reference please visit
http://www.vitharana.org/2012/12/how-to-add-new-keystore-to-carbon-4_3.html
The above error log occurs because the certificate is for localhost, not for the host (192.168.3.27). You can fix this by importing the KeyStore file into the truststore by using the following commands in the terminal.
keytool -export -alias <HostName> -file mycert.crt -keystore myjks.jks -storepass <pwd>
keytool -import -alias <HostName> -file /usr/local/app/wso2/wso2das-3.0.0/repository/resources/security/mycert.crt -keystore cacerts -storepass changeit
Please refer to the following article for more details [1]. On the other hand, for a quick test you can access the dashboard portal over HTTP by using the following URL:
http://localhost:9763/portal/
[1] https://medium.com/#dunithd/wso2-das-how-to-fix-javax-net-ssl-sslexception-160c13bc8fe7#.npua5d4nf

Distributed and deployed the WSO2 API Manager components

I have installed distributed WSO2 API Manager components. This works very well, but when I subscribe to an API and generate a token, this error is shown:
"Token revoke failed : HTTP error code : 500"
The log :
[2015-08-12 13:28:59,623] ERROR - TargetHandler I/O error: Host name verification failed for host : 189.9.134.48
javax.net.ssl.SSLException: Host name verification failed for host : 189.9.134.48
at org.apache.synapse.transport.http.conn.ClientSSLSetupHandler.verify(ClientSSLSetupHandler.java:152)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:285)
at org.apache.http.nio.reactor.ssl.SSLIOSession.outboundTransport(SSLIOSession.java:420)
at org.apache.http.impl.nio.reactor.AbstractIODispatch.outputReady(AbstractIODispatch.java:150)
at org.apache.http.impl.nio.reactor.BaseIOReactor.writable(BaseIOReactor.java:181)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:346)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:320)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:280)
at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:106)
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:604)
at java.lang.Thread.run(Thread.java:745)
[2015-08-12 13:28:59,627] WARN - EndpointContext Endpoint : AnonymousEndpoint will be marked SUSPENDED as it failed
[2015-08-12 13:28:59,628] WARN - EndpointContext Suspending endpoint : AnonymousEndpoint - last suspend duration was : 30000ms and current suspend duration is : 30000ms - Next retry after : Wed Aug 12 13:29:29 BRT 2015
[2015-08-12 13:28:59,629] INFO - LogMediator STATUS = Executing token 'fault' sequence, ERROR_CODE = 101500, ERROR_MESSAGE = Error in Sender
[2015-08-12 13:28:59,635] ERROR - subscription-add:jag java.lang.RuntimeException: Token revoke failed : HTTP error code : 500
[2015-08-12 13:29:09,641] ERROR - SourceHandler I/O error: Conexão fechada pela outra ponta
How can I solve this problem? I'm using APIM 1.9.
You have two ways to solve this issue. The following is recommended in a production environment. The second way isn't recommended in a production environment.
Way 1
You are having an issue with verifying the hostname "189.9.134.48". 189.9.134.48 should be your Common Name (CN) when generating your keys. You have to import the public key certificate of the WSO2 IS server into the WSO2 APIM server. You may use the following command in order to extract the public key certificate from your keystore. Go inside the <IS_HOME>/repository/resources/security/ directory:
keytool -export -keystore <IS_Store> -alias <alias_of_IS_certificate> -file <IS_certificate>.cer
This SSL certificate of the IS should be imported into the client-truststore.jks of the APIM server.
Shutdown the APIM server if it's up.
Go to <APIM_HOME>/repository/resources/security/ directory.
Import the public key of appserver to the client-truststore.jks file using the following command in terminal.
keytool -import -alias <alias_of_IS_certificate> -file <IS_certificate>.cer -keystore client-truststore.jks -storepass wso2carbon
Restart the APIM server.
Way 2
Set the <parameter name="HostnameVerifier"> element to AllowAll in <APIM_HOME>/repository/conf/axis2/axis2.xml file's HTTPS transport sender configuration. For example, <parameter name="HostnameVerifier">AllowAll</parameter>.
This parameter verifies the hostname of the certificate of a server when the API Manager acts as a client and does outbound service calls.
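Added example, not part of the original answers or of WSO2's code: a simplified model of the hostname check behind the `<192.168.3.27> != localhost` and `Host name verification failed` errors quoted above, set beside what `AllowAll` does to the same inputs. The `cert` dictionary shape, the `Strict` mode name and the sample certificates are assumptions made for illustration.

```python
import ipaddress

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    """Case-insensitive label match; '*' counts only as the whole leftmost label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def verify_host(host, cert, mode="Strict"):
    """cert is a hypothetical dict: {'cn': str, 'dns': [names], 'ip': [addresses]}."""
    if mode == "AllowAll":
        return True  # name check skipped: any trusted certificate passes for any host
    dns, ips = cert.get("dns", []), cert.get("ip", [])
    if _is_ip(host):
        target = ipaddress.ip_address(host)
        if any(ipaddress.ip_address(i) == target for i in ips):
            return True
        # CN fallback only for certificates that carry no subjectAltName at all
        return not dns and not ips and cert.get("cn") == host
    names = dns or ([cert["cn"]] if cert.get("cn") else [])
    return any(_dns_match(n, host) for n in names)

# Constructed certificates (subject fields only; chain validation is not modelled).
DEFAULT_CERT = {"cn": "localhost", "dns": [], "ip": []}
REISSUED_CERT = {"cn": "192.168.3.27", "dns": [], "ip": ["192.168.3.27"]}

def compare(host, cert):
    """Show the strict result beside the AllowAll result for the same input."""
    return {m: verify_host(host, cert, m) for m in ("Strict", "AllowAll")}

if __name__ == "__main__":
    print(compare("192.168.3.27", DEFAULT_CERT))   # mismatch from the DAS thread
    print(compare("192.168.3.27", REISSUED_CERT))  # certificate issued for the host
    print(compare("189.9.134.48", DEFAULT_CERT))   # address from the APIM 1.9 log
```

With `AllowAll`, the only remaining protection is the truststore check, so every certificate the truststore accepts is accepted for every backend address.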