WSO2 Analytics 'certificate_unknown' error - wso2

I'm trying to use WSO2 Analytics on Windows 10.
My WSO2 Identity Server version is 5.10.0 and the Analytics version is 5.8.0.
To test WSO2 Analytics, I ran WSO2 Identity Server by executing 'wso2server.bat', and then executed 'worker.bat' and 'dashboard.bat' sequentially to start Analytics.
Afterwards, when I opened 'https://localhost:9643/portal/', I got the error below.
ERROR {org.wso2.transport.http.netty.contractimpl.listener.SslHandshakeCompletionHandlerForServer} - Error while SSL handshake: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
How can I fix it?

This error occurs because the Identity Server client trust-store does not contain the Analytics server's public certificate. To fix this:
Export the Analytics public certificate from the keystore:
keytool -export -keystore /resource/security/wso2carbon.jks -alias -file <wsoAs2carbon.cer>
Add the public certificate to the client-truststore.jks of the Identity Server:
keytool -import -alias -file <AScarbon.cer> -keystore /repository/resource/security/client-truststore.jks -storepass wso2carbon
Ref https://is.docs.wso2.com/en/5.10.0/learn/prerequisites-to-publish-statistics/#step-04-change-the-admin-password-and-add-key-store-certificates

Related

Self Register doesn't work in wso2is 5.11.0 after self-signed certificate setup

In wso2is 5.11.0, a user trying to self-register causes a "javax.net.ssl.SSLException: hostname in certificate didn't match: != ........." exception. The same configuration with the same keystore and trust-store works fine if backported to 5.10.0.
Thanks
Francesco
In WSO2 IS-5.11, the server hostname for internal API calls is by default configured as localhost. This configuration is utilized to build the internal absolute URL of a service endpoint, which will be consumed at places that will generate internal API calls.
If you are configuring the hostname for evaluations (when there is no load balancer or proxy) you can follow this.
Add 'localhost' as SAN for the certificate (-ext SAN=dns:localhost)
Here is a sample keystore generation:
keytool -genkey -alias newcert -keyalg RSA -keysize 2048 -keystore newkeystore.jks -dname "CN=wso2is.local, OU=Is,O=Wso2,L=SL,S=WS,C=LK" -storepass mypassword -keypass mypassword -ext SAN=dns:localhost
Also, if you are using a single-node deployment (there is no load balancer or proxy), instead of adding the SAN, defining the internal_hostname value to be the same as the hostname value will resolve this issue:
[server]
hostname = "is.dev.wso2.com"
internal_hostname = "is.dev.wso2.com"

In Wso2 how to connect to Https endpoint

In Wso2 ESB when I try to connect with Https endpoint. I get
`TargetHandler I/O error: General SSLEngine problem`
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
How to solve this and how to get the certificate for the endpoint?

I added the certificate and it's working.
1) First, in the browser, go to the HTTPS link you want to add a certificate for, then in the browser address bar click on the view site information tab (i.e. on the HTTPS). Then go to the description and export it.
2) WSO2 will get the certificate information from the client-truststore.jks. So, import the certificate into client-truststore.jks with the command:
keytool -importcert -file path\FileName.cer -keystore client-truststore.jks -alias "the endpoint or the domain address(like Https://..)"
After this configuration PKIX path building failed exceptions will be resolved.
3) Then in ESB_HOME\repository\conf\axis2\axis2.xml configure the parameter mentioned below.
<parameter name="HostnameVerifier">AllowAll</parameter>
After this javax.net.ssl.SSLHandshakeException: General SSLEngine problem will be resolved.
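
Both the SAN / internal_hostname answer earlier on this page and the HostnameVerifier step above act on the same check: whether the name the client connected to appears in the server certificate. The following Python model of RFC 6125-style matching is an added example, not code from the original posts or from WSO2; the certificate dictionaries are constructed samples and the "Strict" mode name is an assumption of this model.

```python
# Simplified model of TLS hostname verification (RFC 6125 style); not WSO2 code.
# Certificates are constructed dicts: {"cn": ..., "san_dns": [...]}.

def _label_match(pattern: str, host: str) -> bool:
    """Match one DNS name; '*' is allowed only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Reject over-broad patterns such as "*.com".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def hostname_ok(cert: dict, host: str, verifier: str = "Strict") -> bool:
    """True if `cert` is acceptable for `host`. "Strict" is this model's
    name for normal verification; "AllowAll" is the value from the page."""
    if verifier == "AllowAll":
        # Name check skipped entirely: any certificate the truststore
        # accepts is accepted for every hostname.
        return True
    sans = cert.get("san_dns", [])
    if sans:
        # When DNS SANs are present, the CN is not consulted.
        return any(_label_match(s, host) for s in sans)
    return _label_match(cert.get("cn", ""), host)


# Constructed sample certificates mirroring the names used on this page.
CN_ONLY = {"cn": "wso2is.local", "san_dns": []}
SAN_LOCALHOST = {"cn": "wso2is.local", "san_dns": ["localhost"]}
SAN_BOTH = {"cn": "wso2is.local", "san_dns": ["wso2is.local", "localhost"]}
UNRELATED = {"cn": "other.example", "san_dns": ["other.example"]}


def report(host: str) -> dict:
    """Strict-mode result for each sample certificate against `host`."""
    certs = {"cn_only": CN_ONLY, "san_localhost": SAN_LOCALHOST,
             "san_both": SAN_BOTH, "unrelated": UNRELATED}
    return {name: hostname_ok(c, host) for name, c in certs.items()}


if __name__ == "__main__":
    for h in ("localhost", "wso2is.local"):
        print(h, report(h))
    print("AllowAll, unrelated cert:", hostname_ok(UNRELATED, "localhost", "AllowAll"))
```

With AllowAll the name check is skipped, so any certificate that chains to the truststore is accepted for every host. Because the CN is ignored once a DNS SAN is present, a certificate generated with only SAN=dns:localhost no longer matches wso2is.local for clients that follow this rule unless that name is also listed in the SAN.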

add not secure https service to proxy service wso2 esb

I want to add a not secure https service (https://192.168...) to wso2 esb. I imported the certificate from [1] to [ESB_HOME]/resources/security/client_truststore.jks via
:\>keytool import public_cert.crt -alias myservice -keystore client_truststore.jks
and uncomment parameter in axis2 and change it to the following
<parameter name="HostnameVerifier">AllowAll</parameter>
My cert file name is bank...cert, but my problem isn't solved and I can't add this service to wso2.

How to call https based api in one wso2 esb server from another wso2 esb server

I have created an https based api in one wso2 esb 5.0.0 server, and now I want to call this https api from another wso2 esb 5.0.0 server. But I am getting an SSL certificate error when calling the https api from the other wso2 esb server.
I have tried importing the localhost and wso2carbon certificates into the client trust store and also the wso2carbon key stores, but no luck.
Has anyone tried this?

Signing in to Sharepoint 2013 using Identity server 3 fails due to certificate validation issue

I am configuring a SharePoint 2013 web application to use Identity Server 3 as an identity provider. The configuration is done successfully and Identity Server is added as a trusted identity token issuer to SharePoint. I have used the Identity Server 3 test certificate as the signing certificate for SharePoint, but every time, the redirect URL gives "an error occurred". This is the error in the log:
An operation failed because the following certificate has validation errors: Subject Name: CN=idsrv3test Issuer Name: CN=DevRoot Thumbprint: Errors: PartialChain: A certificate chain could not be built to a trusted root authority. RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate. OfflineRevocation: The revocation function was unable to check revocation because the revocation server was offline. .

SharePoint needs to have the entire certificate chain, right up to the root, added as a SPTrustedRootAuthority.
In the "Import a token signing certificate by using Windows PowerShell" section of the Configure SAML-based claims authentication with AD FS in SharePoint 2013 article:
This step must be repeated for every token signing certificate in the chain until the root certification authority is reached.
So you can either get the root certificate of the IdentityServer test certificate, which is called DevRoot, or create your own self-signed certificate for token signing.