登录到/ publisher或/ store时,出现“ Peer not authenticated”错误。
[为了提供更多上下文,我创建了一个新的密钥库,并将其.pem证书导入到client-trustore.jks中,最后更新了SSL密钥库配置以使用此新密钥库,如此处所示:https://docs.wso2.com/display/ADMIN44x/Configuring+Keystores+in+WSO2+Products#Configuring%20keystores%20for%20SSL%20connections
启用了SSL调试的WSO2日志:
%% Invalidated: [Session-11, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384]
http-nio-9443-exec-25, SEND TLSv1.2 ALERT: fatal, description = certificate_unknown
http-nio-9443-exec-25, WRITE: TLSv1.2 Alert, length = 2
http-nio-9443-exec-25, called closeSocket()
http-nio-9443-exec-25, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
http-nio-9443-exec-25, IOException in getSession(): javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
http-nio-9443-exec-45, READ: TLSv1.2 Alert, length = 2
http-nio-9443-exec-45, RECV TLSv1.2 ALERT: fatal, certificate_unknown
http-nio-9443-exec-45, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
http-nio-9443-exec-45, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
http-nio-9443-exec-45, called closeOutbound()
http-nio-9443-exec-45, closeOutboundInternal()
http-nio-9443-exec-45, SEND TLSv1.2 ALERT: warning, description = close_notify
http-nio-9443-exec-45, WRITE: TLSv1.2 Alert, length = 2
TID: [-1234] [] [2020-03-10 15:03:32,866] INFO {org.wso2.carbon.core.internal.permission.update.PermissionUpdater} - Permission cache updated for tenant -1234 {org.wso2.carbon.core.internal.permission.update.PermissionUpdater}
TID: [-1234] [] [2020-03-10 15:03:32,898] INFO {org.apache.axis2.transport.http.HTTPSender} - Unable to sendViaPost to url[https://<serverPublicIP>:9443/services/AuthenticationAdmin] {org.apache.axis2.transport.http.HTTPSender}
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:450)
at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:276)
at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:186)
我使用的键盘工具命令:
// Create the keystore
$ keytool -genkey -alias custom -keyalg RSA -keysize 2048 -keystore custom.jks -dname "CN=<myhostdomain>, OU=Home,O=Home,L=SL,S=WS,C=LK" -storepass wso2carbon -keypass wso2carbon
// Export the new keystore certificate
$ keytool -export -alias custom -keystore custom.jks -file custom.pem
// Import the new certificate into the client-truststore
$ keytool -import -alias custom -file custom.pem -keystore client-truststore.jks -storepass wso2carbon
APIM 2.6(不使用IS作为密钥管理器,仅使用库存WSO2 API管理器)
始终在全新安装中复制该问题。问题是我通过在carbon.xml中更改了此配置,从而启用了浏览器中的H2数据库可视化(已注释):
<H2DatabaseConfiguration>
<property name="web" />
<property name="webPort">8082</property>
<property name="webAllowOthers" />
由于某种原因,这会在登录发布者或商店时导致Peer not authenticated错误。