Hi,

I faced an issue when trying to access a PHP cartridge instance in HTTPS protocol via the Stratos LB. In the web browser I get a "Resource not found" message, but it works when I directly access the instance using the member public IP. When I check the LB error log I see the following exception:

ERROR {org.apache.synapse.transport.passthru.TargetHandler} - I/O error: handshake alert: unrecognized_name
javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name

Then I tried forcing Apache Server to use SSLv3 instead of TLS; after that I got the following error:

ERROR {org.apache.synapse.transport.passthru.TargetHandler} - I/O error: handshake alert: handshake_failure
javax.net.ssl.SSLProtocolException: handshake alert: handshake_failure

After some Googling I found out the root cause. This issue is caused by the following enhancement in JDK 7:

"The JDK 7 release supports the Server Name Indication (SNI) extension in the JSSE client. SNI, described in RFC 4366 enables TLS clients to connect to virtual servers."

As a workaround I had to disable the SNI extension by adding the following JVM parameter to the LB:

-Djsse.enableSNIExtension=false

After doing that, I still got the following error:

ERROR {org.apache.synapse.transport.passthru.TargetHandler} - I/O error: General SSLEngine problem
javax.net.ssl.SSLHandshakeException: General SSLEngine problem

After some more Googling I found this blog [1], which explains how to import self-signed certificates into the WSO2 client trust store. I got it to a working state after those configurations, but the problem is that I need to restart the LB after importing the certificate into the trust store.

Is there a better/recommended way to access cartridges in HTTPS protocol that use self-signed certificates? I presume this will not happen when proper SSL certificates (issued by a CA) are being used.

[1] http://evanthika.blogspot.com/2014/04/setting-up-simple-wso2-as-cluster-when.html

Thanks.

--
Akila Ravihansa Perera
Software Engineer
WSO2 Inc.
http://wso2.com
Phone: +94 77 64 154 38
Blog: http://ravihansa3000.blogspot.com
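
Added example, not part of the original message and not WSO2 or Stratos code: a plain JSSE trust manager that re-reads its trust store file whenever the file changes, so a newly imported self-signed certificate is honoured without restarting the JVM and without touching the JVM-wide default trust store. The class name ReloadingTrustManager and the contextFor helper are hypothetical, and whether the LB's transport can be pointed at such an SSLContext is an assumption the message does not confirm.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Hypothetical class (added example): delegates to a trust manager rebuilt from the store file.
public final class ReloadingTrustManager implements X509TrustManager {
    private final Path store;
    private final char[] password;
    private X509TrustManager delegate;
    private long loadedMtime = -1;

    public ReloadingTrustManager(Path store, char[] password) { this.store = store; this.password = password; }

    // Rebuild the delegate only when the store's modification time has changed.
    private synchronized X509TrustManager current() throws CertificateException {
        try {
            long mtime = Files.getLastModifiedTime(store).toMillis();
            if (delegate == null || mtime != loadedMtime) {
                KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
                try (InputStream in = Files.newInputStream(store)) { ks.load(in, password); }
                TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                tmf.init(ks);
                X509TrustManager fresh = null;
                for (TrustManager tm : tmf.getTrustManagers())
                    if (tm instanceof X509TrustManager) { fresh = (X509TrustManager) tm; break; }
                if (fresh == null) throw new CertificateException("no X509TrustManager for " + store);
                delegate = fresh;
                loadedMtime = mtime;
            }
            return delegate;
        } catch (CertificateException e) {
            throw e;
        } catch (Exception e) { // unreadable or half-written store: fail closed, reject the peer
            throw new CertificateException("cannot load trust store " + store, e);
        }
    }
    @Override public void checkClientTrusted(X509Certificate[] c, String t) throws CertificateException { current().checkClientTrusted(c, t); }
    @Override public void checkServerTrusted(X509Certificate[] c, String t) throws CertificateException { current().checkServerTrusted(c, t); }
    @Override public X509Certificate[] getAcceptedIssuers() {
        try { return current().getAcceptedIssuers(); } catch (CertificateException e) { return new X509Certificate[0]; }
    }
    // SSLContext for outbound connections only; the JVM default trust store is left untouched.
    public static SSLContext contextFor(Path store, char[] password) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { new ReloadingTrustManager(store, password) }, null);
        return ctx;
    }
}
```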