WSO2 iOS Enrollment - hostname in certificate didn't match: <IP> != <HOSTNAME> - ios

I am receiving the below error when I try to enter my domain, username and password during the iOS enrollment process. I have everything pointing to the domain name of the server, not the IP address. I dont know why its trying to use the IP to enroll the device as everything is changed to domain names in the config files.
Any ideas?
Thanks
[2016-02-24 15:15:23,556] ERROR
{org.wso2.carbon.device.mgt.ios.util.OAuthUtils} - Error occurred
while sending 'Post' request due to failure of server connection
javax.net.ssl.SSLException: hostname in certificate didn't match: !=

Related

x509: cannot validate certificate for <<HOST IP>> because it doesn't contain any IP SANs - Hyperledger Fabric-CA

I'm trying to enroll an intermediate certificate authority with its root certificate authority, I'm using TLS and the CAs run in separated docker containers using the fabric-ca images. If I send the CSR trough the docker network there are no problems, but if I try to send it trough my local network I have this problem: x509: cannot validate certificate for "HOST_IP" because it doesn't contain any IP SANs. I read that the reason for my problem, is that the TLS certificate(s) don't contain IP SANs (IP subject alternative names), this is a field in the TLS certificate that basically says: "The certificate was issued to a host that its IP is: <1.2.3.4>". So, if that is the problem, how I could add this field to my certificate? and if not, what is the problem and how I could resolve it? Thanks and regards!
You can follow the explanation given here with a similar IP SANS issue. There is also detailed explanation of IP SANS issue in HLF mailing List. Also make sure when you are using Fabric CA Client, to generate the certificates, use the server's hostname to request the same. for e.g. fabric-ca-client enroll -d --enrollment.profile tls -c <client configuration file> -u https://admin:adminpw#<server hostname>:7054 --csr.hosts $PEER_HOST. If IP address is given in URL TLS handshake will fail with bad TLS certificate error on the server side and 'certificate does not contain IP SANS' error on the client side as the ca-cert.pem used to perform the handshake with the server contains hostname and not the IP address.

"Failed to connect to api.twilio.com port 443: Connection refused" error

I've disabled SSL Certificate Validation under General Settings because my WordPress site is using http.
But I am still still getting "Failed to connect to api.twilio.com port 443: Connection refused" on live and test credentials."
I've also purge caches on the browser.
I am using the guide from https://www.twilio.com/blog/2017/08/send-sms-wordpress-php-plugin.html.
Does the setting takes time to remove the SSL certification validation or what else could go wrong?
Answered by Twilio support "All connections to the Twilio API endpoints must use HTTPS and so if you have no SSL Cert for your Wordpress website it will refuse the request. You will need to get an SSL Certificate for your website in order to call the API endpoints from your Wordpress site/domain. Disabling SSL Certificate Validation setting on Twilio dashboard is for calls from Twilio to your servers, not the other way around."
I am also facing the same challenge while doing a POC to send SMS using twilio. This is the exception that I am getting.
Exception in thread "main" com.twilio.exception.ApiException: Connect to api.twilio.com:443 [api.twilio.com/54.209.184.12, api.twilio.com/52.45.186.111, api.twilio.com/52.4.111.215, api.twilio.com/52.5.142.82, api.twilio.com/54.165.83.5, api.twilio.com/54.84.239.1, api.twilio.com/52.45.52.233, api.twilio.com/52.72.204.95] failed: Connection refused: connect
at com.twilio.http.NetworkHttpClient.makeRequest(NetworkHttpClient.java:128)
at com.twilio.http.HttpClient.reliableRequest(HttpClient.java:42)
at com.twilio.http.HttpClient.reliableRequest(HttpClient.java:25)
at com.twilio.http.TwilioRestClient.request(TwilioRestClient.java:42)
at com.twilio.rest.api.v2010.account.MessageCreator.create(MessageCreator.java:402)

wget : connection reset by peer in redhat linux

I am trying to access remote soap URL through wget command in RedHat linux but some times i get below Exception. What could be the reason for below Error. I am expecting HTTP 200 response but instead getting below error.
lgadmin#mnpgategui1 apps]$ wget --no-check-certificate https://remote ip:port/mnpserver/services/mnpservice?wsdl
--23:54:42-- https://remote ip:port/mnpserver/services/mnpservice?wsdl
Connecting to remote ip:port... connected.
WARNING: cannot verify IP's certificate, issued by `/C=IN/ST=NCR/L=XXX/O=YYY Technologies/OU=TEL/CN=SSS':
Self-signed certificate encountered.
WARNING: certificate common name `SSS' doesn't match requested host name `IP'.
HTTP request sent, awaiting response... Read error (Connection reset by peer) in headers.
Retrying.
Regards,
Jay
It is usually when a firewall drop the connection or the host is a proxy to another host, and the other host drop

SSL certificate FQDN for REST web service at a specific path

I was using iOS to connect to a server using a certificate whose CN (commonname) and FQDN (fully qualified domain name) is server.myexample.com. The server certificate was signed by my own Root CA (whose certificate I added to my anchor certs via SecTrustSetAnchorCertificates and verified via the method described here using NSURLAuthenticationChallenge).
With my iOS client, I was attempting to connect my REST service located at: server.myexample.com/Path1/service1, but I kept receiving the following error:
The certificate for this server is invalid. You might be connecting to a server
that is pretending to be “server.myexample.com” which could put your confidential
information at risk.
Error occurred while fetching https://server.myexample.com/Path1/service1: Error
Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid.
You might be connecting to a server that is pretending to be “server.myexample.com”
which could put your confidential information at risk."
I get additional messages with the same info but specifying the errors: NSErrorFailingURLStringKey and NSURLErrorFailingURLPeerTrustErrorKey.
I found that I could also call the service with server.myexample.com/service1 and removed Path1 from my request URL, and the server certificate verification worked correctly. Why is this? I was under the impression that the server only needed 1 certificate, meaning any services it hosts would also be using that same certificate. Maybe you need a separate server certificate per path? I was not aware the paths after the server ip address/domain needed to have their own certificate.
To summarize:
iOS client app with Root CA certificate in the anchor certs
Server server1's certificate signed by Root CA has a CN of server.myexample.com and whose FQDN is https://server.myexample.com.
Server server.myexample.com hosts service1 which can be accessed by web browser via:
https://server.myexample.com/service1 (passes iOS client's authentication of server)
https://server.myexample.com/Path1/service1 (FAILS iOS client's authentication of server)
CA and server certificates were created via OpenSSL
Thanks in advance!

RestKit IOS SSL certificate invalid

I installed a GoDaddy issued certificate and getting this error below while calling https with 8181 port. It worked fine with HTTP.
The certificate for this server is invalid. You might be connecting to a server that is pretending to be “my.ip.” which could put your confidential information at risk."
Did restkit error out because i am using IP instead of valid domain name?
If you are connecting via typing https://your.ip:8181/ in your browser, that is the issue.
SSL/TLS certificate for web site contains domain name for which it is issued, and it should match the name typed in address bar.

Resources