How to disable Hostname verification? #490

@jackchuong

Hi all,
I'm trying WSO2 API Manager 4.2.0 + MySQL with Docker Compose. apim_db and shared_db are changed to MySQL, WSO2CARBON_DB is still H2 as default. These are my configs:

docker-compose.yml
version: '3.1'
services:
  wso2apim:
    image: docker.wso2.com/wso2am:4.2.0
    container_name: wso2apim
    hostname: esb.mydomain.com
    environment:
      - TZ=Asia/Ho_Chi_Minh
    ports:
      - 9443:9443
      - 8243:8243
      - 8280:8280
    volumes:
      - ./mysql-connector-j-8.0.33.jar:/home/wso2carbon/wso2am-4.2.0/repository/components/lib/mysql-connector-j-8.0.33.jar
      - ./deployment.toml:/home/wso2carbon/wso2am-4.2.0/repository/conf/deployment.toml
      - ./security:/home/wso2carbon/wso2am-4.2.0/repository/resources/security
      - ./database:/home/wso2carbon/wso2am-4.2.0/repository/database
    restart: always

  wso2mysql:
    image: mysql:8.0
    container_name: wso2mysql
    environment:
      - TZ=Asia/Ho_Chi_Minh
      - MYSQL_ROOT_PASSWORD=***
    security_opt:
      - seccomp:unconfined
    volumes:
      - ./mysqldata:/var/lib/mysql
      - ./my.cnf:/etc/mysql/my.cnf
      #- ./dbscripts:/docker-entrypoint-initdb.d
    restart: always

deployment.toml (I only post the parts that have changed from the default)
[server]
hostname = "esb.mydomain.com"
[database.apim_db]
type = "mysql"
url = "jdbc:mysql://wso2mysql:3306/WSO2AM_DB?useSSL=false&allowPublicKeyRetrieval=true"
username = "root"
password = "***"
driver="com.mysql.cj.jdbc.Driver"

[database.shared_db]
type = "mysql"
url = "jdbc:mysql://wso2mysql:3306/WSO2AM_SHARED_DB?useSSL=false&allowPublicKeyRetrieval=true"
username = "root"
password = "***"
driver="com.mysql.cj.jdbc.Driver"

I have a wildcard certificate for *.mydomain.com, and I configured the keystore: I replaced the alias "wso2carbon" in wso2carbon.jks (with the pfx file) and client-truststore.jks (with the pem file), then restarted the containers.
I can log in to https://esb.mydomain.com:9443/carbon successfully, with a valid certificate.
When I try to access https://esb.mydomain.com:9443/publisher or /devportal I get an error like:

Caused by: javax.net.ssl.SSLHandshakeException: No name matching localhost found
Caused by: java.security.cert.CertificateException: No name matching localhost found

As far as I know, because my wildcard certificate doesn't have localhost as the Common Name (CN) or as a Subject Alternative Name (SAN), the hostname verification fails when the server tries to connect to the host localhost.
I cannot request a new certificate for now. How can I disable hostname verification with Docker Compose to make it work?
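
The name check behind the `No name matching localhost found` error, as an added example that is not part of the original post and not WSO2 code: it applies the usual wildcard rules for dNSName SANs to the names a client might dial. The SAN pattern and the names `esb.mydomain.com` and `localhost` come from the post; the other targets and all function names are constructed for illustration.

```python
import ipaddress

# Constructed inputs: the SAN pattern and the two host names come from the post;
# the remaining targets are added to show the edges of wildcard matching.
CERT_DNS_SANS = ["*.mydomain.com"]
TARGETS = ["esb.mydomain.com", "localhost", "a.b.mydomain.com",
           "mydomain.com", "127.0.0.1"]


def _dns_name_matches(pattern, host):
    """Compare one dNSName SAN with a host name, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # "*" stands for exactly one label, never zero or several
    if p[0] == "*":
        # Accept a wildcard only as the entire left-most label, with at
        # least two fixed labels to its right.
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    return "*" not in pattern and p == h


def hostname_matches(host, dns_sans):
    """True if any dNSName SAN covers the host the client asked for."""
    try:
        ipaddress.ip_address(host)
        return False  # IP literals are checked against iPAddress SANs only
    except ValueError:
        pass
    return any(_dns_name_matches(s, host) for s in dns_sans)


def audit(targets, dns_sans):
    """Map each name a client might dial to whether the certificate covers it."""
    return {t: hostname_matches(t, dns_sans) for t in targets}


if __name__ == "__main__":
    for name, ok in audit(TARGETS, CERT_DNS_SANS).items():
        print(f"{name:20} {'covered' if ok else 'NOT covered'}")
```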
