Hi Bin, Please find my comments for your problem in-line.
On Thu, Aug 2, 2012 at 9:20 AM, Maeglin Vardamir <[email protected]> wrote: > Hi guys, > > I am not sure whether this is the right list to post my problems. Please > correct me if I made any mistakes. > > My purpose is to set a web service gateway with WSO2. This gateway would > include schema validation, request multiplexing, auth, transaction log and > services registration. > > I chose WSO2 ESB. Maybe I should chose WSO2 Application Server or other > product. Please give me your opinions about selection. > > My web service could be accessed only by https connection. From the server > that I launched WSO2 ESB, I can access my web service from web browser. > (Yes, I had imported certification into my browser.) I also can access WSDL > of my web service through SSL connection via web browser. (It is a RESTful > web service). > > According to some docs I found on the internet, I imported my CA & SubCA > certs into $(WSO2_HOME)/repository/resources/security/client-truststore.jks > and private key > into $(WSO2_HOME)/repository/resources/security/wso2carbon.jks (I tried to > replace the existing private of wso2carbon.jk. And I also tried to add a > new private key into the file either). I also import my CA&SubCA certs into > $(JAVA_HOME)/jre/lib/security/cacerts. > According to my experience, you dont need to import your CA & SubCA into $(JAVA_HOME)/jre/lib/security/ cacerts. Also, if I understand correctly, you need the ESB to access your web service through https. In that case it is enough to import your CA and Sub CA certs to the client-truststore. > > When I open https://localhost:9443/carbon/ with my browser, I got error > messages as below: > > *Secure Connection Failed* > * * > *An error occurred during a connection to localhost:9443.* > * * > *Certificate type not approved for application.* > * * > *(Error code: sec_error_inadequate_cert_type)* > * * > * The page you are trying to view cannot be shown because the > authenticity of the received data could not be verified.* > * Please contact the website owners to inform them of this problem. > Alternatively, use the command found in the help menu to report this broken > site.* > * > * > Any suggestion are welcomed. > I think the problem is with the private key which you have imported to wso2carbon.jks. When you import the new key pair, I think it is better to replace the existing private key rather than keeping two key pairs in the same keystore (I dont know how correct it is). I have a recent experience where the browser refusing the https connection with ESB due to problems with the signature algorithm used in the private key. Please check the signature algorithm used in your key. If it is MD2 with RSA, browser will throw this kind of error. Try to change it to MD5 with RSA. Also, try to access the management console of ESB with different browsers. Most probably IE will allow the connection. Regards, Amila. > > Regards, > Bin > > _______________________________________________ > User mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/user > > -- *Amila Maharachchi* Technical Lead Member, Management Committee - Cloud & Platform TG WSO2, Inc.; http://wso2.com Blog: http://maharachchi.blogspot.com Mobile: +94719371446
_______________________________________________ User mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/user
