WSO2 ESB SSLException Host name verification failed for host

This issue could be solved by changing HostnameVerifier but there can be security vulnerabilities by allowing this. 
<parameter name="HostnameVerifier">AllowAll</parameter>

With the ESB 5.0.0 and upwards, you could achieve this by configuring proxy profiles. You do not need to change the host name verifier parameter to 'AllowAll'.
In the axis2.xml file inside the transportSender, you could configure the proxyProfiles parameter with the following configuration.

<transportSender name="https" class="org.apache.synapse.transport.passthru.PassThroughHttpSSLSender">
        <!--<parameter name="HostnameVerifier">AllowAll</parameter>-->
        <parameter name="non-blocking" locked="false">true</parameter>
        <parameter name="keystore" locked="false">
            <KeyStore>
                <Location>repository/resources/security/wso2carbon.jks</Location>
                <Type>JKS</Type>
                <Password>wso2carbon</Password>
                <KeyPassword>wso2carbon</KeyPassword>
            </KeyStore>
        </parameter>
        <parameter name="truststore" locked="false">
            <TrustStore>
                <Location>repository/resources/security/client-   truststore.jks</Location>
                <Type>JKS</Type>
                <Password>wso2carbon</Password>
            </TrustStore>
        </parameter>
        <parameter name="proxyProfiles">
            <profile>
                <targetHosts>.*.abc.com</targetHosts>
                <proxyHost>proxy.xyz.com.abc.com</proxyHost>
                <proxyPort>8080</proxyPort>
            </profile>
        </parameter>  
    </transportSender>


Also make sure to point the IP address of the proxy server to a host name with the suffix .abc.com, as in the above sample (proxy.micron.com.quickbase.com).
Example:
In /etc/hosts -

127.0.0.1       proxy.xyz.com.abc.com

Therefore proxy.xyz.com.abc.com will be a verified proxy since it's validating the hosts name with abc.com.

Refer this Link for more information on Configuring proxy profiles in WSO2 ESB




Comments

Post a Comment

Popular posts from this blog

How to fix SoapUI freeze in Mac OS

Follow these steps carefully, which will fix SoapUI freeze in Mac OS. [Note: Tested in my OS X 10.11.6] Start ‘Activity Monitor’ and Force Kill your dead soapUI process. [Or use Command-Option-Escape to force quit it.] In Finder, /Applications/SmartBear/soapUI-5.0.0.app > Show Package Contents. Edit /Applications/SmartBear/soapUI-5.0.0.app/Contents/ java/app/bin/soapui.sh. Uncomment this line# JAVA_OPTS="$JAVA_OPTS -Dsoapui.browser.disabled=true". [In other words, remove the "#" to stop it being a comment.] Edit /Applications/SmartBear/soapUI-5.0.0.app/Contents/ vmoptions.txt. Add -Dsoapui.browser.disabled=true. Start soapUI. [In those paths, change  soapUI-5.0.0  to match your version. For me it is  soapUI-5.1.3 .] Referenced from:  https://community.smartbear.com/t5/SoapUI-NG/SoapUI-Pro-5-1-2-hangs-on-Mac-OS-X-10-8-5/td-p/95626
Read more

Salesforce Auto generate renewal Opportunity with Line Items (i.e. Opportunity Products)

Image
First,  let's take a look at the business scenario of this.  Each Account(customer) have a set of opportunities and its Line Items which also know as Products of that Opportunity. Once the salesperson enters those opportunity and product details in the Salesforce, those are likely to be renewed (quarterly, yearly...etc) by the customer if they are planning to go ahead with the same vendor in the next year as well. Therefore, we need to again enter the same data into Salesforce which is almost similar to the previous details which are a time-consuming tedious task.    Our objective is to automate this renewal scenario. What are the available options Writing a class which is invoked by a Visualforce page to create the new opportunity and line items (by acquiring data through SOQL in the Apex class). Writing a trigger to fire on the opportunity once the particular conditions are met. Configuring a process builder follows by a flow to create the op
Read more

Salesforce Create multiple child records based on a number field in the parent using flow

Image
For this example, I'm using salesforce flow to create Ramp plans (child object) based on a number value field in opportunity (parent object) The flow starts from a process builder after an Opportunity closed won In here my number value field is  Contract Term Length (In Months) This is kind of a custom loop which iterate   the   Contract Term Length  Final flow diagram Start by creating an Auto launched flow Let's create the variables we need to store the object data. Note: Please check my previous post to get an idea to create variables you need. First, we need to get the opportunity ID To do that we are adding a Get Records element to the canvas Then store the Opportunity Id on VarT_Opportunity ID In the same panel allocate the value for VarT_ContractTermLength Add a decision element  Configure two outcomes as following Then add an Assignment Element  If the contr
Read more