Hi Aparna, It seems that the same issue occurring at [1].
[1] - [Dev][IS] "hostname in certificate didn't match:" issue when accessing IS dashboard Regards, Dilshan On Fri, Nov 20, 2015 at 11:38 AM, Aparna Karunarathna <apa...@wso2.com> wrote: > Actually I have used another Nginx to resolve my issue, not a permanent > solution. AFAIU this is getting due to httpclient 4.3.1 doesn't support > SNI. > > @IsuruU, Shouldn't it upgrade to httpclient 4.3.2 ? > > Regards, > Aparna. > > > On Fri, Nov 20, 2015 at 11:24 AM, Malintha Adikari <malin...@wso2.com> > wrote: > >> Hi Aprana, >> >> I am getting the same issue while accessing APIM distributed cluster >> nodes fronted through loadbalancer(nginx) instance. Did you able to solve >> this issue ? If so how did you solve it ? >> >> Regards, >> Malintha >> >> On Wed, Oct 28, 2015 at 2:09 PM, Isuru Udana <isu...@wso2.com> wrote: >> >>> Hi Aparna, >>> >>> Bundles are coming from features, whatever version defined in the >>> product pom have no relationship for that. >>> >>> Thanks. >>> >>> On Wed, Oct 28, 2015 at 11:20 AM, Aparna Karunarathna <apa...@wso2.com> >>> wrote: >>> >>>> Hi Isuru, >>>> >>>> I checked version from the ESB master branch pom[1]. >>>> >>>> <httpclient.version>4.1.2</httpclient.version> >>>> >>>> [1] https://github.com/wso2/product-esb/blob/master/pom.xml >>>> >>>> Regards, >>>> Aparna. >>>> >>>> On Tue, Oct 27, 2015 at 5:41 AM, Isuru Udana <isu...@wso2.com> wrote: >>>> >>>>> Hi Aparna, >>>>> >>>>> We are using 4.3.1. >>>>> >>>>> >>>>> Thanks. >>>>> >>>>> On Mon, Oct 26, 2015 at 10:36 AM, Aparna Karunarathna <apa...@wso2.com >>>>> > wrote: >>>>> >>>>>> Hi Kasun/Isuru, >>>>>> >>>>>> Currently ESB uses Apache httpclient 4.1.2, shouldn't it upgrade to >>>>>> newer version? >>>>>> >>>>>> @Deep, Thanks for the clarification. >>>>>> >>>>>> Regards, >>>>>> Aparna >>>>>> >>>>>> On Sat, Oct 24, 2015 at 11:38 AM, Deependra Ariyadewa <d...@wso2.com> >>>>>> wrote: >>>>>> >>>>>>> Hi Aparna, >>>>>>> >>>>>>> This can happen when the client does not send the SNI[1][2] to the >>>>>>> server side to select the proper HTTPS virtual host. In this case NGINX >>>>>>> reverse proxy created in the vhost. Most of the modern browsers send >>>>>>> SNI to >>>>>>> server, therefore you will not observe this when you make the request >>>>>>> via a >>>>>>> modern browser. >>>>>>> >>>>>>> Most of the new Java HTTP client libraries also support SNI. As an >>>>>>> example, Apache httpclient library support SNI from version 4.3.2 [3]. >>>>>>> If >>>>>>> you use a library which does not support SNI, you will get this error >>>>>>> for >>>>>>> HTTPS call going towards services hosted in virtual host environments. >>>>>>> >>>>>>> [1] https://en.wikipedia.org/wiki/Server_Name_Indication >>>>>>> [2] https://www.ietf.org/rfc/rfc3546.txt >>>>>>> [3] https://hc.apache.org/news.html >>>>>>> >>>>>>> On Fri, Oct 23, 2015 at 11:07 AM, Aparna Karunarathna < >>>>>>> apa...@wso2.com> wrote: >>>>>>> >>>>>>>> Hi all, >>>>>>>> >>>>>>>> I have encountered a weird "hostname in certificate didn't match:" >>>>>>>> issue when accessing IS dashboard. My setup details are as follows. >>>>>>>> >>>>>>>> *Setup Details* >>>>>>>> *IS cluster* >>>>>>>> - 3 nodes cluster >>>>>>>> - Hostname - mgt.is.wso2.com >>>>>>>> - Certificate CN - mgt.is.wso2.com >>>>>>>> >>>>>>>> *BPS cluster* >>>>>>>> - 2 nodes cluster (manager/worker) >>>>>>>> - Hostnames - Manager - mgt.bps.wso2.com / Worker - >>>>>>>> wrk.bps.wso2.com >>>>>>>> - Certificate CN - *.bps.wso2.com >>>>>>>> >>>>>>>> * Both nodes are fronted by same Nginx plus load balancer. >>>>>>>> >>>>>>>> [1] >>>>>>>> javax.net.ssl.SSLException: hostname in certificate didn't match: < >>>>>>>> mgt.is.wso2.com> != <*.bps.wso2.com> >>>>>>>> at >>>>>>>> org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:238) >>>>>>>> at >>>>>>>> org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:54) >>>>>>>> .... >>>>>>>> .... >>>>>>>> >>>>>>>> When we check the browser cookie, it gave correct certificate. ( >>>>>>>> mgt.is.wso2.com), but when we check it from java client[2] it >>>>>>>> gives the bps certificate (*.bps.wso2.com) instead of IS. >>>>>>>> >>>>>>>> [2] >>>>>>>> https://darray.wordpress.com/2015/07/12/freak-vulnerability-and-disabling-weak-export-cipher-suites-in-wso2-carbon-4-2-0-based-products/ >>>>>>>> >>>>>>>> What is the reason for this? Is it my config issue or Nginx issue >>>>>>>> or our product issue? >>>>>>>> >>>>>>>> -- >>>>>>>> *Regards,* >>>>>>>> >>>>>>>> *Aparna Karunarathna.* >>>>>>>> >>>>>>>> >>>>>>>> *Associate Technical Lead - QAWSO2 Inc.Mobile: 0714002533 >>>>>>>> <0714002533>* >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Deependra Ariyadewa >>>>>>> WSO2, Inc. http://wso2.com/ http://wso2.org >>>>>>> >>>>>>> email d...@wso2.com; cell +94 71 403 5996 ; >>>>>>> Blog http://risenfall.wordpress.com/ >>>>>>> PGP info: KeyID: 'DC627E6F' >>>>>>> >>>>>>> *WSO2 - Lean . Enterprise . Middleware* >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> *Regards,* >>>>>> >>>>>> *Aparna Karunarathna.* >>>>>> >>>>>> >>>>>> *Associate Technical Lead - QAWSO2 Inc.Mobile: 0714002533 >>>>>> <0714002533>* >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> *Isuru Udana* >>>>> Associate Technical Lead >>>>> WSO2 Inc.; http://wso2.com >>>>> email: isu...@wso2.com cell: +94 77 3791887 >>>>> blog: http://mytecheye.blogspot.com/ >>>>> >>>> >>>> >>>> >>>> -- >>>> *Regards,* >>>> >>>> *Aparna Karunarathna.* >>>> >>>> >>>> *Associate Technical Lead - QAWSO2 Inc.Mobile: 0714002533 <0714002533>* >>>> >>> >>> >>> >>> -- >>> *Isuru Udana* >>> Associate Technical Lead >>> WSO2 Inc.; http://wso2.com >>> email: isu...@wso2.com cell: +94 77 3791887 >>> blog: http://mytecheye.blogspot.com/ >>> >>> _______________________________________________ >>> Dev mailing list >>> Dev@wso2.org >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> >> >> >> -- >> *Malintha Adikari* >> Software Engineer >> WSO2 Inc.; http://wso2.com >> lean.enterprise.middleware >> >> Mobile: +94 71 2312958 >> Blog: http://malinthas.blogspot.com >> Page: http://about.me/malintha >> > > > > -- > *Regards,* > > *Aparna Karunarathna.* > > > *Associate Technical Lead - QAWSO2 Inc.Mobile: 0714002533* > > _______________________________________________ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Dilshan Edirisuriya Senior Software Engineer - WSO2 Mob: + 94 777878905 http://wso2.com/ https://www.linkedin.com/profile/view?id=50486426
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
