wso2 wso2-api-manager

WSO2 APIM 4.2.0 - public SSL - No subject alternative DNS name matching localhost found


I have installed WSO2 APIM 4.2.0 with a domain xxx.xxx.x and then I installed the certificates wso2carbon.jks and client-truststore.jks, but when I log in to the consoles (admin, devportal and publisher) I get the error: error 500: the page cannot be displayed.


I have temporarily solved the error by adding a Subject Alternative Name (SAN) that includes "localhost" to a self-signed ssl certificate, but that is not the ideal solution, because it must be with the public ssl certificate, but the public one cannot have a Subject Alternative Name (SAN) that includes "localhost".

Does anyone know what I can do to solve this issue?

Thanks

Caused by: javax.net.ssl.SSLHandshakeException: No subject alternative DNS name matching localhost found.
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:376)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:319)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:314)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
    at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
    at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:478)
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1082)
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1069)
    at java.base/java.security.AccessController.doPrivileged(Native Method)
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1016)
    at java.base/java.util.ArrayList.forEach(ArrayList.java:1541)
    at java.net.http/jdk.internal.net.http.common.SSLFlowDelegate.lambda$executeTasks$3(SSLFlowDelegate.java:1073)
    at java.net.http/jdk.internal.net.http.HttpClientImpl$DelegatingExecutor.execute(HttpClientImpl.java:153)
    at java.net.http/jdk.internal.net.http.common.SSLFlowDelegate.executeTasks(SSLFlowDelegate.java:1068)
    at java.net.http/jdk.internal.net.http.common.SSLFlowDelegate.doHandshake(SSLFlowDelegate.java:1034)
    at java.net.http/jdk.internal.net.http.common.SSLFlowDelegate$Reader.processData(SSLFlowDelegate.java:442)
    at java.net.http/jdk.internal.net.http.common.SSLFlowDelegate$Reader$ReaderDownstreamPusher.run(SSLFlowDelegate.java:264)
    at java.net.http/jdk.internal.net.http.common.SequentialScheduler$SynchronizedRestartableTask.run(SequentialScheduler.java:175)
    at java.net.http/jdk.internal.net.http.common.SequentialScheduler$CompleteRestartableTask.run(SequentialScheduler.java:147)
    at java.net.http/jdk.internal.net.http.common.SequentialScheduler$SchedulableTask.run(SequentialScheduler.java:198)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    ... 1 more
Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching localhost found.
    at java.base/sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:212)
    at java.base/sun.security.util.HostnameChecker.match(HostnameChecker.java:103)
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:415)
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:283)
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:141)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:632)
    ... 21 more


Solution

  • The solution: I entered the following line in the deployment.toml file: internal_hostname = "domain.com"

    and in api-manager.sh:

    -Djdk.internal.httpclient.disableHostnameVerification=true \
    -Dorg.opensaml.httpclient.https.disableHostnameVerification=true \
    -Dhttpclient.hostnameVerifier=AllowAll \
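
An added example, not part of the original post or WSO2's code: a small Python check that models the DNS subject alternative name match behind the `HostnameChecker.matchDNS` failure in the trace, and reports which configured hostnames a certificate covers while hostname verification stays enabled. The SAN list, the `apim.example.com` names and the TOML fragment (including placing both keys under `[server]`) are constructed assumptions, and the wildcard rule is a simplified form of RFC 6125 matching.

```python
import re

# Constructed sample data (not from the original post): DNS SAN entries of a
# public certificate and a deployment.toml fragment that still uses localhost.
CERT_SANS = ["apim.example.com", "*.apim.example.com"]
DEPLOYMENT_TOML = '''
[server]
hostname = "apim.example.com"
internal_hostname = "localhost"
'''

def san_matches(hostname, pattern):
    """Simplified RFC 6125 DNS-ID match: case-insensitive; '*' is honoured only
    as the whole left-most label and stands for exactly one label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        # Reject over-broad patterns such as "*.com".
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat

def configured_hostnames(toml_text):
    """Collect hostname / internal_hostname assignments from the TOML text."""
    pairs = re.findall(
        r'^\s*(hostname|internal_hostname)\s*=\s*"([^"]*)"', toml_text, re.M)
    return dict(pairs)

def audit(toml_text, sans):
    """Return {key: (hostname, matching SAN or None)} for each configured name."""
    report = {}
    for key, host in configured_hostnames(toml_text).items():
        match = next((s for s in sans if san_matches(host, s)), None)
        report[key] = (host, match)
    return report

if __name__ == "__main__":
    for key, (host, match) in audit(DEPLOYMENT_TOML, CERT_SANS).items():
        status = f"covered by SAN {match}" if match else "NOT covered by any SAN"
        print(f"{key} = {host}: {status}")
```

A name reported as not covered is one that internal HTTPS calls will reject with the exception shown in the question.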