How to disable Hostname verification? #490

Open
jackchuong opened this issue May 19, 2023 · 2 comments

Comments

@jackchuong

Hi all,
I'm trying WSO2 API Manager 4.2.0 + MySQL with docker compose. apim_db & shared_db are changed to MySQL, WSO2CARBON_DB is still H2 as default. These are my configs:

docker-compose.yml

```yaml
version: '3.1'
services:
  wso2apim:
    image: docker.wso2.com/wso2am:4.2.0
    container_name: wso2apim
    hostname: esb.mydomain.com
    environment:
      - TZ=Asia/Ho_Chi_Minh
    ports:
      - 9443:9443
      - 8243:8243
      - 8280:8280
    volumes:
      - ./mysql-connector-j-8.0.33.jar:/home/wso2carbon/wso2am-4.2.0/repository/components/lib/mysql-connector-j-8.0.33.jar
      - ./deployment.toml:/home/wso2carbon/wso2am-4.2.0/repository/conf/deployment.toml
      - ./security:/home/wso2carbon/wso2am-4.2.0/repository/resources/security
      - ./database:/home/wso2carbon/wso2am-4.2.0/repository/database
    restart: always

  wso2mysql:
    image: mysql:8.0
    container_name: wso2mysql
    environment:
      - TZ=Asia/Ho_Chi_Minh
      - MYSQL_ROOT_PASSWORD=***
    security_opt:
      - seccomp:unconfined
    volumes:
      - ./mysqldata:/var/lib/mysql
      - ./my.cnf:/etc/mysql/my.cnf
      #- ./dbscripts:/docker-entrypoint-initdb.d
    restart: always
```

deployment.toml (I only post the parts that have changed from the default)

```toml
[server]
hostname = "esb.mydomain.com"

[database.apim_db]
type = "mysql"
url = "jdbc:mysql://wso2mysql:3306/WSO2AM_DB?useSSL=false&allowPublicKeyRetrieval=true"
username = "root"
password = "***"
driver = "com.mysql.cj.jdbc.Driver"

[database.shared_db]
type = "mysql"
url = "jdbc:mysql://wso2mysql:3306/WSO2AM_SHARED_DB?useSSL=false&allowPublicKeyRetrieval=true"
username = "root"
password = "***"
driver = "com.mysql.cj.jdbc.Driver"
```

I have a wildcard certificate for `*.mydomain.com`, and I configured the keystore: replaced alias "wso2carbon" in wso2carbon.jks (with the pfx file) and client-truststore.jks (with the pem file), and restarted the containers.
I can log in to https://esb.mydomain.com:9443/carbon successfully, with a valid certificate.
When I try to access https://esb.mydomain.com:9443/publisher or /devportal I get an error like

```
Caused by: javax.net.ssl.SSLHandshakeException: No name matching localhost found
Caused by: java.security.cert.CertificateException: No name matching localhost found
```

As far as I know, this is because my wildcard certificate doesn't have localhost as the Common Name (CN) or as a Subject Alternate Name (SAN), hence when the server is trying to connect to the host localhost, the hostname verification fails.
I cannot request a new certificate for now. How can I disable hostname verification with docker compose to make it work?
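
The hostname check behind the error above, as an added example that is not part of the original issue or of WSO2's code: a simplified matcher in the style of RFC 6125 (wildcard accepted only as the whole left-most label), run against a constructed SAN list modelled on the post's `*.mydomain.com` certificate. The function names and the sample SAN list are assumptions made for illustration.

```python
# Added illustration: simplified RFC 6125-style hostname verification.
# Function names and CERT_SANS are hypothetical; the SAN list is constructed
# to resemble the wildcard certificate described in the post.

def name_matches(pattern: str, hostname: str) -> bool:
    """True if one certificate DNS name covers the requested hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # "*" stands for exactly one label, never zero or several
    if p[0] == "*":
        # Wildcard must be the whole left-most label and sit under at least
        # two further labels, so "*.com" is never accepted.
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    return p == h


def verify_hostname(hostname, san_dns_names, common_name=None):
    """Return (ok, message) for the name the client asked to connect to."""
    # The CN is consulted only when the certificate has no dNSName SAN entries.
    candidates = list(san_dns_names) or ([common_name] if common_name else [])
    for name in candidates:
        if name_matches(name, hostname):
            return True, f"{hostname} matches {name}"
    return False, f"No name matching {hostname} found"


# Constructed certificate contents (assumption: wildcard SAN only).
CERT_SANS = ["*.mydomain.com"]

if __name__ == "__main__":
    # The browser-facing name passes; an internal call addressed to
    # "localhost" fails against the same certificate.
    for host in ("esb.mydomain.com", "localhost", "a.b.mydomain.com"):
        print(verify_hostname(host, CERT_SANS))
```

The check is driven by the name the client dials, not by the name the server presents, which is why the same certificate validates for `esb.mydomain.com` and fails for `localhost`.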

@abijithshine

Hi @jackchuong

I am also facing the same issue. Did you get any solution for this issue?

@hibernatefariala

I have the same issue. Have you found a solution, please?
