WSO2 API Manager SSL exception

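I just set up WSO2 2.6 on Windows 10 and published a simple .NET Core web API. There is no error trace in the server log, but when I call the API from the WSO2 Store using OAuth authentication, it returns the SSL exception below.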

ERROR - SourceHandler I/O error: Received fatal alert: certificate_unknown
javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
        at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1647)
        at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1615)
        at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1781)
        at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1070)
        at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:896)
        at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:766)
        at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
        at org.apache.http.nio.reactor.ssl.SSLIOSession.doUnwrap(SSLIOSession.java:245)
        at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:280)
        at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:410)
        at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:119)
        at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:159)
        at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:338)
        at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:316)
        at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:277)
        at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:105)
        at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:586)
        at java.lang.Thread.run(Thread.java:748)

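Answer 1

Based on your second reply, this error is an SSL failure that occurs when the API gateway tries to communicate with the backend. It looks to me like you are using an HTTPS backend for this particular API. If so, the backend's public certificate needs to be included in client-truststore.jks (/repository/resources/security) in WSO2 API Manager.

You can obtain the endpoint's public certificate with the following command, or export it from the browser.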

openssl s_client -showcerts -connect www.example.com:443 </dev/null

Use the following command to import the certificate into the keystore

keytool -importcert -file certificate.cer -keystore keystore.jks -alias "Alias"
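
Added example, not part of the original answer: the two commands above wrapped in shell functions that cut the PEM block out of the s_client output, print the fingerprint so it can be checked before the certificate is trusted, and then import it. The function names and the truststore path argument are assumptions; keytool prompts for the truststore password.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not WSO2 or OpenSSL tooling.

# Print the Nth (1-based, default 1 = the server's own) PEM certificate found
# on stdin. `openssl s_client -showcerts` mixes handshake text with the PEM
# blocks, so only the lines between the BEGIN/END markers are kept.
extract_pem_cert() {
    awk -v want="${1:-1}" '
        /-----BEGIN CERTIFICATE-----/ { n++; inside = 1 }
        inside && n == want           { print }
        /-----END CERTIFICATE-----/   { inside = 0 }
    '
}

# Fetch the certificate the backend presents and save it as PEM.
# -servername sends SNI so a shared host returns the right certificate.
fetch_backend_cert() {
    host=$1 port=$2 out=$3
    openssl s_client -showcerts -servername "$host" -connect "$host:$port" \
        </dev/null 2>/dev/null | extract_pem_cert 1 >"$out"
    # An empty file means the handshake failed or no certificate was sent.
    [ -s "$out" ] || { echo "no certificate from $host:$port" >&2; return 1; }
    # Show what is about to be trusted; compare the fingerprint with the
    # value supplied by the backend's owner before importing.
    openssl x509 -in "$out" -noout -subject -issuer -enddate -fingerprint -sha256
}

# Import the saved certificate into the truststore passed as $2
# (client-truststore.jks in the answer), then list the new entry.
import_backend_cert() {
    cert=$1 truststore=$2 alias=$3
    keytool -importcert -file "$cert" -keystore "$truststore" -alias "$alias" &&
        keytool -list -keystore "$truststore" -alias "$alias"
}

# Usage (placeholder values):
#   fetch_backend_cert www.example.com 443 certificate.cer
#   import_backend_cert certificate.cer /path/to/client-truststore.jks backend
```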
