WSO2 API Manager Received fatal alert: handshake_failure - wso2

Using WSO2 API Manager (V1.10), I published an API and imported the SSL certificate into client-truststore.jks. But when I call this API, I'm receiving this error:
2016-07-11 11:42:11,296 [-] [HTTPS-Sender I/O dispatcher-7] ERROR TargetHandler I/O error: Received fatal alert: handshake_failure
javax.net.ssl.SSLException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1650)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1618)
at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1787)
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1071)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:893)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:767)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doUnwrap(SSLIOSession.java:228)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:263)
at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:391)
at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:119)
at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:159)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:338)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:316)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:277)
at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:105)
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:586)
at java.lang.Thread.run(Thread.java:745)

I suspect your API calling client program does not have the API server's certificate. (Usually you import your certificate into your JRE's cacerts or other trust store.)
But when I call this API, I'm receiving this error:
When you call this API, did this API calling client program (Java, for example) also get this WSO2 server's certificate imported? This may solve your problem.

According to the error log, this happens in the HTTP sender, i.e. when API Manager invokes the back end. If your backend is "HTTPS", you need to import its public certificate into the truststore of APIM.
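A log triage sketch for the TLS alerts quoted in these threads, added here as an example; it is not part of any post and not WSO2 code. It maps the logging handler to the TLS leg involved and names the peer that sent the alert. The handler-to-leg mapping and the hint texts are assumptions stated in the comments, and the sample lines are copied from the logs on this page.

```python
import re

# Assumption: in the pass-through transport, TargetHandler (HTTPS-Sender) logs the
# outbound APIM -> backend leg and SourceHandler (HTTPS-Listener) the inbound
# client -> APIM leg. Value = (leg, peer on the other end of that leg).
LEGS = {
    "TargetHandler": ("APIM -> backend", "backend"),
    "SourceHandler": ("client -> APIM", "client"),
}

# "Received fatal alert" means the peer sent the alert, so each hint names the peer.
# Hint texts list common causes only; they are not an exhaustive diagnosis.
HINTS = {
    "handshake_failure": "{peer} could not agree on handshake parameters "
                         "(commonly no shared protocol version or cipher suite)",
    "certificate_unknown": "{peer} rejected the certificate presented to it; "
                           "check the trust store on the {peer} side",
}

ALERT_RE = re.compile(
    r"(?P<handler>TargetHandler|SourceHandler)\s+I/O error: "
    r"Received fatal alert: (?P<alert>\w+)"
)

def triage(lines):
    """Return one finding per TLS alert line; other log lines are skipped."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = ALERT_RE.search(line)
        if not match:
            continue
        leg, peer = LEGS[match["handler"]]
        hint = HINTS.get(match["alert"], "{peer} sent an alert with no hint here")
        findings.append({"line": number, "leg": leg, "alert": match["alert"],
                         "hint": hint.format(peer=peer)})
    return findings

# Sample input: log lines as quoted in the threads on this page.
SAMPLE = [
    "2016-07-11 11:42:11,296 [-] [HTTPS-Sender I/O dispatcher-7] ERROR TargetHandler I/O error: Received fatal alert: handshake_failure",
    "[2021-03-30 22:15:31,311] WARN - SourceHandler I/O error: Received fatal alert: certificate_unknown",
    "[2021-03-30 22:15:31,351] WARN - ConnectCallback Connection refused or failed for : localhost/127.0.0.1:8888",
    "2019-05-17 10:31:02,090 [-] [HTTPS-Listener I/O dispatcher-1] ERROR SourceHandler I/O error: Received fatal alert: certificate_unknown",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(f"line {finding['line']}: [{finding['leg']}] "
              f"{finding['alert']}: {finding['hint']}")
```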

Had the same issue in Java 1.7. Java 1.8 has resolved my problem.

Related

WSO2 - 3.2.0 - Docker - Create an API - Connection Error

I'm trying to create a new API from a rest service in WSO2 Publisher and I'm getting an error when I try to validate the endpoint:
When I go to log it shows the message:
[2021-03-30 22:09:54,744] ERROR - ApisApiServiceImpl Error occurred while sending the HEAD request to the given endpoint url:
java.net.ConnectException: Connection refused (Connection refused)
What am I doing wrong?
If I progress the creation when I try to test I get another error:
[2021-03-30 22:15:31,311] WARN - SourceHandler I/O error: Received fatal alert: certificate_unknown
[2021-03-30 22:15:31,351] WARN - ConnectCallback Connection refused or failed for : localhost/127.0.0.1:8888
[2021-03-30 22:15:31,353] WARN - EndpointContext Endpoint : CpoExecutorAPI--v1.0.0_APIproductionEndpoint with address http://localhost:8888/cpo-executor/dev will be marked SUSPENDED as it failed
Apart from the certificate issue, another possible cause for this error is network connectivity. Please make sure that there weren't any network issues while invoking the request and the network connectivity was stable. Also, please check whether you can directly connect to the provided endpoint URL and get the responses without any issues.
WARN - SourceHandler I/O error: Received fatal alert: certificate_unknown
With the above-mentioned warning, we can suspect there is an issue with certificates.
Therefore, if you have made any recent certificate changes in your environment, can you check whether the required certs are available in the API Manager Keystore?

WSO2 3.2.0 - Publish an API - ERROR - APIGatewayManager Error

I have a docker environment running openldap, mysql, wso2is and wso2am. I'm trying to publish an API using API Manager Publisher and I'm facing the following error:
docker log:
[2021-03-18 21:40:32,764] INFO - CarbonAuthenticationUtil 'admin#wso2.com#carbon.super [-1234]' logged in at [2021-03-18 21:40:32,764+0000]
[2021-03-18 21:40:32,899] ERROR - APIGatewayManager Error occurred when publish to gateway Production and Sandbox
org.apache.axis2.AxisFault: Error while Deploying API
at org.wso2.carbon.apimgt.impl.utils.APIGatewayAdminClient.deployAPI_aroundBody14(APIGatewayAdminClient.java:215) ~[org.wso2.carbon.apimgt.impl_6.7.206.jar:?]
Caused by:
at java.lang.Thread.run(Thread.java:834) [?:?]
Caused by: org.apache.axis2.AxisFault: Error while obtaining API information from gateway. null
at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:531) ~[axis2_1.6.1.wso2v41.jar:?]
More info:
[2021-03-18 21:40:33,178] INFO - DataBridge user admin#wso2.com connected
[2021-03-18 21:40:33,187] ERROR - DataEndpointConnectionWorker Error while trying to connect to the endpoint. Cannot borrow client for ssl://172.29.0.5:9712.
org.wso2.carbon.databridge.agent.exception.DataEndpointLoginException: Cannot borrow client for ssl://172.29.0.5:9712.
[2021-03-18 21:40:33,234] INFO - CarbonAuthenticationUtil 'admin#wso2.com#carbon.super [-1234]' logged in at [2021-03-18 21:40:33,233+0000]
[2021-03-18 21:40:33,264] ERROR - APIGatewayManager Error occurred when check api is published on gatewayProduction and Sandbox
Where is port 9712 for SSL defined? I don't have this port available on Docker:
wso2am:3.2.0-alpine "/home/wso2carbon/wa…" 7 days ago Up 12 minutes (healthy) 0.0.0.0:8243->8243/tcp, 5672/tcp, 9099/tcp, 0.0.0.0:8280->8280/tcp, 9443/tcp, 9611/tcp, 9711/tcp, 9763/tcp, 9999/tcp, 11111/tcp, 0.0.0.0:9444->9444/tcp
I'm using WSO2 IS as key manager and the integration is working. Now my problem is only when I try to publish an API.
wso2is:5.10.0-alpine
wso2am:3.2.0-alpine
PS: I have disabled network from docker-compose to not have host problems.
Issue 01:
Caused by: org.apache.axis2.AxisFault: Error while obtaining API information from gateway. null
The above error can be seen most probably due to a connection issue between the Publisher and the Gateway server/s.
To resolve this, you may need to validate the Gateway configuration in the Publisher node. To do that, open the <PUBLISHER_HOME>/repository/conf/deployment.toml file and check whether the following configuration is correct.
[[apim.gateway.environment]]
service_url = "https://<hostname_of_the_GW>:9443/services/"
Issue 02:
ERROR - DataEndpointConnectionWorker Error while trying to connect to the endpoint. Cannot borrow client for ssl://172.29.0.5:9712.
org.wso2.carbon.databridge.agent.exception.DataEndpointLoginException: Cannot borrow client for ssl://172.29.0.5:9712.
The above error indicates that the 9712 port is not accessible. This 9712 is the default port which is started by BinaryDataReceiver for Binary SSL Transport and it will be used to authenticate data published to the Traffic Manager. Therefore, you need to make this port available.

Received fatal alert: certificate_unknown

I'm trying to add (and consume) a REST API over HTTPS through API Manager.
So, with a little schema:
Client (SoapUi) --HTTPS--> APIM --HTTPS--> REST API
Result: Failed
Client (SoapUi) --HTTP--> APIM --HTTPS--> REST API
Result: Failed
Here is the stack:
2019-05-17 10:31:02,090 [-] [HTTPS-Listener I/O dispatcher-1] ERROR SourceHandler I/O error: Received fatal alert: certificate_unknown
javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1634)
at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1800)
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1083)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doUnwrap(SSLIOSession.java:245)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:280)
at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:410)
at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:119)
at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:159)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:338)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:316)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:277)
at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:105)
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:586)
at java.lang.Thread.run(Thread.java:745)
I think the problem is between API Manager and the REST API.
The REST API certificate is composed like this:
CA Root Sectigo
  |
  --> Gandi
        |
        --> wildcard's Company
I tried to add (via the publisher's site) the Wildcard's company => no change
I tried to add the CA root to the JVM keystore => no change
Actually, API Manager had the default self-signed certificate.
Maybe it's a part of the problem.
Any ideas?
Regards,
Mike

wso2am 2.6.0: SSL exception when invoking API which uses custom class mediator

Installed wso2am 2.6.0.
Created and published API - Myapi. Myapi is visible in API store and it can be invoked from there (receives correct response).
Created my own custom class demo mediator (nothing fancy, just outputs some information) and uploaded it to <API-M_HOME>/repository/components/lib.
Created sequence xml with my own custom class and manually uploaded it for Myapi (in API publisher 'Enabled message Mediation', for 'In Flow').
Restarted the server and it looks like it registered my custom class mediator successfully.
But now when I try to invoke this API through the API store, it throws this exception:
[2019-03-23 21:04:00,858] ERROR - SourceHandler I/O error: Received fatal alert: certificate_unknown
javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1634)
at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1800)
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1083)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doUnwrap(SSLIOSession.java:245)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:280)
at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:410)
at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:119)
at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:159)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:338)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:316)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:277)
at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:105)
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:586)
at java.lang.Thread.run(Thread.java:748)
[2019-03-23 21:04:00,874] INFO - LogMediator IN_MESSAGE = json_validator
[2019-03-23 21:04:00,879] INFO - LogMediator STATUS = Executing default 'fault' sequence, ERROR_CODE = 0, ERROR_MESSAGE = Error occured in the mediation of the class mediator
The same issue happens when I select another mediator, e.g. json_validator (which is not my custom one, so the issue is not just in my custom mediator), but with e.g. the debug_in_flow mediator everything works.
It seems that this issue appears when the mediator uses some class mediator, and then it throws this SSL exception.
Any ideas where the certificate should be added? As I understand it, the inner service tries to invoke the custom Java class without a certificate and fails.
The exception is thrown, but it doesn't affect the custom mediator flow.

Errors using input-only web service (OUT_ONLY from ESB)

I have a web service with some input-only operations. In the ESB I've created a proxy and set the properties OUT_ONLY and FORCE_SC_ACCEPTED to true. Every time I call the proxied operation I get the following error message in the wso2carbon.log:
TID: [0] [ESB] [2015-04-02 09:52:45,307] ERROR {org.apache.axis2.transport.base.threads.NativeWorkerPool} - Uncaught exception {org.apache.axis2.transport.base.threads.NativeWorkerPool}
java.lang.UnsupportedOperationException: Not yet implemented
at org.apache.axis2.description.OutOnlyAxisOperation.getMessage(OutOnlyAxisOperation.java:124)
at org.wso2.carbon.core.multitenancy.MultitenantMessageReceiver.processResponse(MultitenantMessageReceiver.java:125)
at org.wso2.carbon.core.multitenancy.MultitenantMessageReceiver.receive(MultitenantMessageReceiver.java:81)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
at org.apache.synapse.transport.passthru.ClientWorker.run(ClientWorker.java:225)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Although everything seems to work OK, I am worried about this message. What am I doing wrong? These input-only operations will be called very frequently in production, so I'd like them to be error free.
WSO2 ESB: 4.8.1
Thanks,
Danny
This exception will occur if OUT_ONLY=true and your backend is sending a response back to the ESB. If OUT_ONLY is set to true and you are getting a response from the backend, then it is not a valid scenario for the OUT_ONLY property. Check this post [1].
[1] https://mohanadarshan.wordpress.com/2013/05/05/out_only-scenario-in-proxy-service-wso2-esb/
The out-only property is set to inform that this service does not return a response back, for instance if you are sending messages to a message broker. The force-sc-accepted flag causes the ESB to send an HTTP Accepted status response back to the client (which calls the ESB), since otherwise the client will time out without a response. So please make sure your backend service does not send a response and that it is accessible to the ESB.
Solved this issue for now: My ESB was running in multi-tenant mode. The proxy service was created in the tenant. I did a fresh install and put the config in (so no tenants). The error disappears immediately. When I remove the config, create a tenant and put the config into the tenant, the error reappears. So this might be a bug. I can try to verify by running sample 253 (OneWayProxy) in a tenant.